- Zimperium has spotted a new version of GodFather among Turkish Android users
- The new version creates virtualized copies of legitimate banking applications inside a sandbox
- It can exfiltrate login credentials, PIN codes and unlock patterns
The notorious GodFather malware for Android phones is back with a vengeance, experts warn, targeting victims with an improved build that makes it more dangerous than ever.
Zimperium cybersecurity researchers say they have seen an updated version of the infamous malware in the wild, and it is even more dangerous because it simplifies the attack while evading detection even better.
GodFather is a banking Trojan used to steal money from people's bank accounts. Previous variants worked as an overlay, placing an invisible layer on top of legitimate banking applications. When victims opened their apps and began typing their login credentials, the overlay captured the credentials and sent them to the attackers, who would later log in to the application and make withdrawals.
Virtualization attacks
The new version, however, abandons the overlay approach for something more sinister: creating a virtualized version of the application.
On compromised devices, the malware launches a virtual instance of the banking application inside a sandbox. This way, the malware does not even need to request excessive permissions to carry out wire fraud, and it means that victims cannot necessarily trust even the legitimate applications they have installed.
When a victim is infected, the malware first analyzes the installed applications and looks for a banking app that it supports.
If it finds one, it creates a virtualized version that is launched every time the victim tries to open the legitimate app.
In addition to stealing login credentials, GodFather can exfiltrate PIN codes and unlock patterns, and it can control the device remotely during off-hours (in the middle of the night, for example), making transfers while the victim is asleep.
Zimperium says it has so far only observed the campaign among Turkish Android users, but it warned that the malware operators could pivot to the West at any time, so banking users all over the world should be on their guard.
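The passage above describes a banking app being run inside a virtualization sandbox on the device rather than as the genuinely installed package. The check below is an added example from the defender's side; it is not code from the article, from Zimperium, or from any specific banking app. It assumes the common property of app-virtualization containers that the "virtual" app runs inside the container's own process and data directory, so its data directory no longer sits under the package's own `/data/user/<id>/<package>` (or `/data/data/<package>`) path and its process name may not match its package name. Both heuristics, the expected path layouts and the use of `/proc/self/cmdline`, are assumptions for illustration; a production app would combine them with a server-side attestation check rather than relying on them alone.

```java
import android.content.Context;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;

// Added example (not from the article): heuristics an Android banking app could
// run at startup to notice that it is executing inside an app-virtualization
// sandbox rather than as the package the system actually installed.
public final class VirtualizationCheck {

    public static final class Result {
        public final boolean dataDirMismatch;   // data dir not under the package's own path
        public final boolean processNameMismatch; // process name differs from the package name
        public final String dataDir;
        public final String processName;

        Result(boolean dataDirMismatch, boolean processNameMismatch,
               String dataDir, String processName) {
            this.dataDirMismatch = dataDirMismatch;
            this.processNameMismatch = processNameMismatch;
            this.dataDir = dataDir;
            this.processName = processName;
        }

        // Any single signal is enough to treat the environment as suspect.
        public boolean isSuspicious() {
            return dataDirMismatch || processNameMismatch;
        }
    }

    // Assumed path layouts for a normally installed app (hypothetical, not exhaustive).
    static boolean dataDirLooksNative(String pkg, String dataDir) {
        if (dataDir == null) return false;
        return dataDir.startsWith("/data/user/") && dataDir.endsWith("/" + pkg)
            || dataDir.equals("/data/data/" + pkg);
    }

    // Reads the current process name from /proc/self/cmdline (works on all API levels).
    static String readProcessName() {
        try (BufferedReader r = new BufferedReader(new FileReader("/proc/self/cmdline"))) {
            String line = r.readLine();
            if (line == null) return "";
            int nul = line.indexOf('\0'); // cmdline is NUL-padded
            return nul >= 0 ? line.substring(0, nul) : line;
        } catch (IOException e) {
            return "";
        }
    }

    public static Result run(Context ctx) {
        String pkg = ctx.getPackageName();
        String dataDir = ctx.getApplicationInfo().dataDir;
        String proc = readProcessName();
        boolean dirBad = !dataDirLooksNative(pkg, dataDir);
        // A multi-process app names its extra processes "<pkg>:name", so compare the prefix.
        boolean procBad = !(proc.equals(pkg) || proc.startsWith(pkg + ":"));
        return new Result(dirBad, procBad, dataDir, proc);
    }
}
```

Called from `Application.onCreate()`, the result can be logged to the bank's fraud-monitoring backend; a positive signal is a reason to require step-up authentication for transfers rather than to block outright, since custom ROMs and work profiles can also produce unusual paths.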
Via Infosecurity