Godfather malware is now hijacking legitimate banking apps — and you won't see it coming

A notorious banking malware that targets the best Android phones has returned with new capabilities that make it even easier for hackers to siphon off your hard-earned cash.
As reported by Infosecurity Magazine, an updated version of the Godfather malware has been spotted online by the mobile security firm Zimperium.
Back when I first reported on this malware several years ago, it was being used by hackers to target popular banking and finance apps in countries around the world. At that time, Godfather primarily used overlay attacks to trick unsuspecting users into entering their usernames and passwords. These credentials were then used to log into their financial accounts to steal both cash and cryptocurrency.
Now though, the Godfather malware is back with a major upgrade that allows it to create virtualized versions of legitimate apps to commit fraud in real-time.
Here's everything you need to know about this new malware threat along with some tips and tricks on how you can keep your devices and financial accounts safe from hackers.
Overlay attacks can definitely be convincing and many Android users have fallen for them in the past. However, as they require copying a banking or crypto app's user interface and branding perfectly, this can be a lot of extra work.
To appear more convincing while making things easier for hackers, Godfather now launches virtual instances of targeted apps from within a sandboxed environment on vulnerable Android smartphones. That way, instead of having to rely on potential victims enabling the necessary permissions, the malware can now essentially clone financial apps to more easily steal credentials from potential victims.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
The implication here is also huge since due to this new attack method, you can't even trust the legitimate apps you have installed on your phone. Likewise, doing things this way allows the Godfather malware to evade detection.
Before creating virtual versions of banking and financial apps, the malware first scans an infected device to see which apps a victim actually has on their smartphone. From there, it compares a user's installed apps against a list of targeted apps. If one of the targeted apps is found, Godfather creates a virtualized version of it that launches when a user tries to run the legitimate app.
Depending on which banking or financial app is being targeted, the malware has several different methods for stealing a user's credentials. At the same time, it's also able to steal the PIN or unlock pattern for an Android smartphone. Unsurprisingly, Godfather does this by using a fake overlay that's designed to mimic a user's actual lock screen.
To make matters worse, this malware is also able to remotely control an infected device using a number of different commands. This lets the hackers behind this campaign commit real-time fraud on an infected device oftentimes without a victim's knowledge. For instance, with a phone's PIN or unlock pattern, they could unlock the device when it's in a victim's pocket or charging overnight and steal their passwords and cash without anything seeming amiss.
Fortunately (at least for now), this upgraded version of the Godfather malware has only been used in attacks targeting Turkish Android users according to Zimperium's report on the matter. However, this could easily change and the hackers behind this campaign could branch out to target users in other countries like the U.S., the U.K. or Canada.
As such, you're going to want to take steps now to protect your Android smartphone and any banking or financial data it contains. The easiest way to stop Godfather and other Android malware strains in their tracks is to turn off an Android smartphone's ability to install apps from unknown sources. This feature is disabled by default but if you've turned it on, you're going to want to turn it off right now.
Many malware strains use malicious apps as a means to gain entry to a vulnerable Android smartphone and Godfather is no different. You also want to be wary about files sent to you via email or on social media as they could also contain malware.
For this reason, you want to make sure that Google Play Protect is enabled on your smartphone as this pre-installed security app can scan all of your existing apps and any new ones you download for malware. If you want extra protection though, you can always run one of the best Android antivirus apps alongside it.
Another useful step you can take to stay safe is to limit the number of apps installed on your phone overall. Since even good apps can go bad, having too many apps on your phone puts you at greater risk. Besides deleting unused apps, you also want to ask yourself whether or not you really need a new app before installing it.
Banking malware is dangerous enough on its own but now that Godfather can create virtualized copies of legitimate Android banking and financial apps, we could soon see other malware strains implementing this capability too. Thankfully, Google always tries to stay one step ahead of hackers and often updates Android to prevent these kinds of attacks from being possible in the first place. This is why you should always update your Android smartphone as soon as new software becomes available. And if you're phone isn't receiving updates anymore, then it's certainly time for an upgrade.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Yahoo

8 minutes ago

• Yahoo

5 AI stocks to consider buying and holding for the long term

Many AI applications are still in development, offering ground-floor buying opportunities in their stocks. Below are some established companies that five of contract writers like as investments to consider buying to capitalise on this transformational technology. What it does: Alphabet is a global technology company best known for Google, YouTube, Android, and cloud services. By Mark Hartley. When considering an AI investment for the long term, Google's parent company Alphabet (NASDAQ: GOOG) stands out. It has emerged as a key player in the AI space, leveraging its vast data resources and computational power to dig deep roots into the industry. Through DeepMind and its Gemini AI models, Alphabet is at the forefront of generative AI development. Google Cloud offers scalable AI tools and infrastructure for businesses, while AI enhancements in products like Search, Gmail, and YouTube are well-positioned to benefit from advertising revenue. Alphabet's expansive ecosystem gives it a strategic advantage in training and deploying AI models at scale. A significant risk, however, lies in the potential disruption of its core search business. As AI chatbots and generative search become more prevalent, traditional search advertising could face margin pressure. Additionally, if faces increased regulatory scrutiny on data usage, antitrust concerns and competition from rivals like Microsoft and Amazon. Mark Hartley doesn't own shares in any of the stocks mentioned. What it does: Cellebrite is the global leader in decrypting mobile phones and other devices supporting digital forensic investigations. By Zaven Boyrazian. Many AI stocks today are unproven. That's why I prefer established players leveraging AI to improve their existing mission-critical products like Cellebrite (NASDAQ:CLBT). Cellebrite specialises in extracting encrypted data from mobile phones and other devices aiding law enforcement and enterprises in criminal and cybersecurity investigations. Over 90% of crime commited today has a digital element. And when it comes to decrypting mobile phones, Cellebrite is the global gold standard. The company is now leveraging AI to analyse encrypted data – drastically accelerating a task that's historically been increadibly labour intensive identifying patterns, discovering connections, and establishing leads. Most of Cellebrite's revenue comes from law enforcement, exposing Cellebrite to the risk of budget cuts. In fact, fears of lower US federal spending is why the stock dropped sharply in early 2025. And with a premium valuation, investors can expect more volatility moving forward. But in the long run, Cellebrite has what it takes to be an AI winner in my mind. That's why I've already bought shares. Zaven Boyrazian owns shares in Cellebrite. What it does: Dell Technologies provides a broad range of IT products and services and is an influential player in AI. By Royston Wild. Dell Technologies (NYSE:DELL) isn't one of the more fashionable names in the realm of artificial intelligence (AI). The good news is that this means it trades at a whopping discount to many of its peers. For this financial year (to January 2026), City analysts think earnings will soar 41% year on year, leaving it on a price-to-earnings (P/E) multiple of 12.6 times. Such readings are as rare as hen's teeth in the high-growth tech industry. In addition, Dell shares also trade on a price-to-earnings growth (PEG) ratio of 0.3 for this year. Any reading below 1 implies a share is undervalued. These modest readings fail to reflect the exceptional progress the company's making in AI, in my opinion. Indeed, Dell last month raised guidance for the current quarter as it announced 'unprecedented demand for our AI-optimised servers' during January-March. It booked $12.1bn in AI orders in the last quarter alone, beating the entire total for the last financial year. Dell is a major supplier of server infrastructure that let Nvidia's high-power chips do their thing. Dell's shares could sink if unfavourable developments in the ongoing tariff wars transpire. But the company's low valuation could help limit the scale of any falls. Royston Wild does not own shares in Dell or Nvidia. What it does: Salesforce is a customer relationship management (CRM) software company that is developing AI agents. By Edward Sheldon, CFA. We've all seen the potential of artificial intelligence (AI) in recent years. Using apps like ChatGPT and Gemini, we can do a lot of amazing things today. These apps are just the start of the AI story, however. I expect the next chapter to be about AI agents – software programmes that can complete tasks autonomously and increase business productivity exponentially. One company that is active in this space is Salesforce (NYSE: CRM). It's a CRM software company that has recently developed an agentic AI offering for businesses called 'Agentforce'. It's still early days here. But already the company is having a lot of success with this offering, having signed up 8,000 customers since the product's launch last October. Now, Salesforce is not the only company developing AI agents. So, competition from rivals is a risk. I like the fact that the company's software is already embedded in over 150,000 organisations worldwide though. This could potentially give it a major competitive advantage in the agentic AI race. Edward Sheldon has positions in Salesforce. What it does: Salesforce is a cloud-based software company specialising in customer relationship management, helping businesses manage sales, marketing, support, and data. By Ben McPoland. I think Salefsforce (NYSE: CRM) looks well set up to benefit in the age of AI. Specifically, its Agentforce platform, which lets businesses deploy AI agents to handle various tasks, could be the company's next big growth engine. By the end of April, it had already closed over 8,000 deals, just six months after launching Agentforce. Half of those were paid deals, taking its combined data cloud and AI annual recurring revenue above $1bn. Granted, that looks like small potatoes set against the $41.2bn in sales it's expected to generate this fiscal year. But it's still very early days, and management reckons the digital labour market opportunity could run into the trillions of dollars. Of course, it's always best to treat such mind-boggling projections with a healthy dose of scepticism. And the company does face stiff competition in the AI agent space, especially from Microsoft and ServiceNow. Nevertheless, I'm bullish here. Salesforce is already deeply embedded in sales, service, and marketing. Its AI agents slot into existing workflows, which I think will prove to be a big advantage over unproven AI upstarts. Ben McPoland owns shares of Salesforce. The post 5 AI stocks to consider buying and holding for the long term appeared first on The Motley Fool UK. More reading 5 Stocks For Trying To Build Wealth After 50 One Top Growth Stock from the Motley Fool John Mackey, former CEO of Whole Foods Market, an Amazon subsidiary, is a member of The Motley Fool's board of directors. Suzanne Frey, an executive at Alphabet, is a member of The Motley Fool's board of directors. The Motley Fool UK has recommended Alphabet, Amazon, Cellebrite, Microsoft, Nvidia, and Salesforce. Views expressed on the companies mentioned in this article are those of the writer and therefore may differ from the official recommendations we make in our subscription services such as Share Advisor, Hidden Winners and Pro. Here at The Motley Fool we believe that considering a diverse range of insights makes us better investors. Motley Fool UK 2025 Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data

Android Authority

11 hours ago

• Android Authority

Google Drive for Android gets a video player upgrade and better upload tools

Edgar Cervantes / Android Authority TL;DR Google Drive for Android now has a redesigned video player with easier-to-use playback controls. The mobile upload process has also been improved with file renaming, folder selection, and clearer progress tracking. Both features are now rolling out to all Google Workspace and personal Drive users. Google has been steadily modernizing its main storage app. The latest Google Drive for Android updates focus on making videos easier to watch and files easier to upload. According to Google's Workspace Updates blog, the Android app is finally getting the same revamped video player that rolled out on the web last year. The refreshed design moves playback controls below the video rather than overlaying them, making them easier to see and use. It also includes quick access to captions, playback speed, and full-screen mode. We first previewed the Android version of this player back in March, when code in a Drive app teardown hinted at the visual overhaul. At the time, the updated layout could be manually enabled but hadn't yet rolled out to users. Google Drive's mobile upload experience is also getting a facelift. You can now rename files and select their destination folder as soon as you hit upload, and a new progress bar gives a clearer view of how much remains. There's also an Upload tab where you can keep track of pending and recently completed uploads. Both changes have fully rolled out to all Workspace customers and personal Google accounts. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.

Business Upturn

12 hours ago

• Business Upturn

AIXA Miner Launches Free Cloud Mining App to Expand Global Crypto Access

Denver, CO, USA, June 20, 2025 (GLOBE NEWSWIRE) — In a strategic move to democratize digital asset mining, AIXA Miner has officially launched its free cloud mining mobile app, giving users around the globe an easy way to start earning crypto daily — no hardware, no technical knowledge required. Backed by advanced AI algorithms and powered by renewable energy, AIXA Miner's new mobile application opens the door to accessible, eco-conscious crypto income, right from your smartphone. Making Mining Easier Than Ever The new AIXA Miner app allows users to sign up and begin cloud mining Bitcoin, Ethereum, and other major cryptocurrencies within minutes. With a clean interface, multilingual support, and built-in wallet integration, the app simplifies every step of the process: Sign up for free and start mining immediately AI-managed backend optimizes mining performance Monitor earnings and contract status from your dashboard Withdraw or reinvest earnings anytime Built-in support for green-powered mining infrastructure This release marks a key milestone in AIXA Miner's mission to make digital wealth generation more inclusive, especially for individuals in regions without access to traditional finance or mining hardware. Free Entry, Real Rewards New users receive a free mining trial upon sign-up, enabling them to experience real-time crypto rewards without depositing funds. Once registered, users can choose from a variety of flexible contract plans that fit their income goals, ranging from short-term options to longer-term mining strategies. The app is compatible with Android and iOS devices and has been optimized for low data usage and secure access from anywhere in the world. Built on Clean Energy and Smart Technology AIXA Miner's infrastructure is built in regions with high renewable energy availability, significantly reducing the environmental footprint of its mining operations. Paired with AI-driven resource allocation, this approach ensures efficient, high-yield mining while aligning with 2025's global push toward sustainability. How to Get Started with the App Download the app via Register with a valid email to activate your free trial Start mining Bitcoin, Ethereum, or other supported coins Track progress with daily payout notifications Withdraw or reinvest earnings at your convenience Whether you're a newcomer to crypto or looking to expand your digital income streams, the AIXA Miner app provides a simple and transparent way to get started, with no need for complicated setups or costly equipment. AIXA Miner's 2025 Vision Founded in 2020, AIXA Miner is a U.S.-based cloud mining platform powered by renewable energy and artificial intelligence. With a presence in over 200 countries and regulatory this app launch comes amid a wave of global demand for reliable, user-friendly mining platforms that respect both the planet and the user's time. AIXA Miner is positioning itself at the intersection of AI innovation, green energy, and financial inclusion, serving users across Europe, Asia, Africa, and the Americas. For more information, visit: [ Disclaimer: The information provided in this press release does not constitute an investment solicitation, nor does it constitute investment advice, financial advice, or trading recommendations. Cryptocurrency mining and staking involve risks and the possibility of losing funds. It is strongly recommended that you perform due diligence before investing or trading in cryptocurrencies and securities, including consulting a professional financial advisor. Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same. Ahmedabad Plane Crash