Hackers Spying on Android Phones in Real Time, Targeting 500+ Bank, Crypto and Payment Apps To Steal Sensitive Data: Cybersecurity Firm

A new version of a notorious banking malware is hitting Android phones, allowing hackers to steal login details and control banking apps in real time, according to researchers.

The cybersecurity firm Zimperium says  the malware employs a novel virtualization technique that allows legitimate banking apps and other applications on a victim’s device to be hijacked.

“Instead of simply mimicking a login screen, the malware installs a malicious “host” application that contains a virtualization framework. This host then downloads and runs a copy of the actual targeted banking or cryptocurrency app within its controlled sandbox.

When a user launches their app, they are seamlessly redirected to this virtualized instance, where every action, tap, and data entry is monitored and controlled by the malware at runtime.”

Zimperium says the novel technique allows the malware to intercept login credentials and other sensitive information of victims in real time.

“The malware grants attackers the ability to steal a wide range of login credentials, from usernames and passwords to device PINs, ultimately leading to a full account takeover.”

The new version of the GodFather banking malware, which hits users who download malicious apps from unofficial sources or click phishing links, is targeting nearly 500 financial applications across the globe.

“The targeting is exceptionally comprehensive in the banking sector, covering major financial institutions across North America, Europe, and Turkey.

In the United States, the list includes nearly every major national bank, prominent investment and brokerage firms, and popular peer-to-peer payment apps.

In the United Kingdom and Canada, the largest and most widely used retail and commercial banking applications are targeted.

The campaign is also extensive across Europe, with major banks in Germany, Spain, France, and Italy included in the target list.”

Besides banking, cryptocurrency wallets and exchange applications, the malware is also targeting other popular applications including those in the digital payments and e-commerce sectors.

Generated Image: Midjourney