German Regulator Sounds Alarm Bells Over Crypto and Banking Malware

A new malware known as "Godfather" is targeting 400 crypto and banking apps, according to the German financial regulator BaFin.
Neither the author, Tim Fries, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

BaFin, Germany’s top financial regulator, warned crypto and TradFi users about a malware called “Godfather,” which is targeting around 400 crypto and banking apps. The malware steals users’ login data by displaying fake websites of legitimate banking and crypto exchange apps.

‘Godfather’ Malware Targeting 400 Crypto and Banking Apps

German financial watchdog BaFin warned consumers about a new malware known as “Godfather” targeting banking and crypto apps, the regulator said in a statement on Monday. The malware has affected roughly 400 apps and platforms, some of which are based in Germany, BaFin added.

According to the regulator, it remains unclear how exactly Godfather attacks consumers’ devices. However, it is known that it sends push notifications to consumers to obtain 2-factor authentication codes. This way, the attackers can “gain access to consumers’ accounts and wallets,” BaFin noted.

The malware also defrauds users by displaying fake websites of popular crypto and banking apps. Users who log into their accounts are directed to fake websites that send their login data to the attackers. In addition, the malware can steal other data such as device information and SMS messages.

According to the cybersecurity portal PCrisk, Godfather mimics the Google Protect tool and asks for access to the Accessibility Service. If a user grants that access, Godfather can steal the user’s contacts and SMS messages, make calls, and record the screen.

Further, the malware “shows fake login pages for legitimate banking and crypto exchange applications. Those phishing pages are used to steal credentials (login information like usernames, customer IDs, passwords, etc.),” PCrisk says.


Crypto Becoming Hackers’ Perfect Victim

This malware first emerged in December, when it reportedly attacked Android users across 16 countries. Cybersecurity professionals at Group-IB first warned about Godfather in 2021, though the malware was not as active until late last year.

The reports of new attacks highlight that crypto, and the DeFi sector in particular, remains one of hackers’ favorite targets. A research report by TRM Labs revealed that a record $3.7 billion worth of crypto funds were stolen in 2022 alone.

More recently, a DeFi whale lost $3.4 million in GMX tokens in a phishing attack, PeckShield and CertiK reported. Phishing attacks are similar to the Godfather malware as both try to steal login credentials through counterfeit websites.
