Latest news with #InfosecurityMagazine
Tom's Guide
2 days ago
- Tom's Guide
Godfather malware is now hijacking legitimate banking apps — and you won't see it coming
A notorious banking malware that targets the best Android phones has returned with new capabilities that make it even easier for hackers to siphon off your hard-earned cash. As reported by Infosecurity Magazine, an updated version of the Godfather malware has been spotted online by the mobile security firm Zimperium. Back when I first reported on this malware several years ago, it was being used by hackers to target popular banking and finance apps in countries around the world. At that time, Godfather primarily used overlay attacks to trick unsuspecting users into entering their usernames and passwords. These credentials were then used to log into their financial accounts to steal both cash and cryptocurrency. Now though, the Godfather malware is back with a major upgrade that allows it to create virtualized versions of legitimate apps to commit fraud in real-time. Here's everything you need to know about this new malware threat along with some tips and tricks on how you can keep your devices and financial accounts safe from hackers. Overlay attacks can definitely be convincing and many Android users have fallen for them in the past. However, as they require copying a banking or crypto app's user interface and branding perfectly, this can be a lot of extra work. To appear more convincing while making things easier for hackers, Godfather now launches virtual instances of targeted apps from within a sandboxed environment on vulnerable Android smartphones. That way, instead of having to rely on potential victims enabling the necessary permissions, the malware can now essentially clone financial apps to more easily steal credentials from potential victims. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. The implication here is also huge since due to this new attack method, you can't even trust the legitimate apps you have installed on your phone. Likewise, doing things this way allows the Godfather malware to evade detection. Before creating virtual versions of banking and financial apps, the malware first scans an infected device to see which apps a victim actually has on their smartphone. From there, it compares a user's installed apps against a list of targeted apps. If one of the targeted apps is found, Godfather creates a virtualized version of it that launches when a user tries to run the legitimate app. Depending on which banking or financial app is being targeted, the malware has several different methods for stealing a user's credentials. At the same time, it's also able to steal the PIN or unlock pattern for an Android smartphone. Unsurprisingly, Godfather does this by using a fake overlay that's designed to mimic a user's actual lock screen. To make matters worse, this malware is also able to remotely control an infected device using a number of different commands. This lets the hackers behind this campaign commit real-time fraud on an infected device oftentimes without a victim's knowledge. For instance, with a phone's PIN or unlock pattern, they could unlock the device when it's in a victim's pocket or charging overnight and steal their passwords and cash without anything seeming amiss. Fortunately (at least for now), this upgraded version of the Godfather malware has only been used in attacks targeting Turkish Android users according to Zimperium's report on the matter. However, this could easily change and the hackers behind this campaign could branch out to target users in other countries like the U.S., the U.K. or Canada. As such, you're going to want to take steps now to protect your Android smartphone and any banking or financial data it contains. The easiest way to stop Godfather and other Android malware strains in their tracks is to turn off an Android smartphone's ability to install apps from unknown sources. This feature is disabled by default but if you've turned it on, you're going to want to turn it off right now. Many malware strains use malicious apps as a means to gain entry to a vulnerable Android smartphone and Godfather is no different. You also want to be wary about files sent to you via email or on social media as they could also contain malware. For this reason, you want to make sure that Google Play Protect is enabled on your smartphone as this pre-installed security app can scan all of your existing apps and any new ones you download for malware. If you want extra protection though, you can always run one of the best Android antivirus apps alongside it. Another useful step you can take to stay safe is to limit the number of apps installed on your phone overall. Since even good apps can go bad, having too many apps on your phone puts you at greater risk. Besides deleting unused apps, you also want to ask yourself whether or not you really need a new app before installing it. Banking malware is dangerous enough on its own but now that Godfather can create virtualized copies of legitimate Android banking and financial apps, we could soon see other malware strains implementing this capability too. Thankfully, Google always tries to stay one step ahead of hackers and often updates Android to prevent these kinds of attacks from being possible in the first place. This is why you should always update your Android smartphone as soon as new software becomes available. And if you're phone isn't receiving updates anymore, then it's certainly time for an upgrade.
Independent Singapore
07-06-2025
- Business
- Independent Singapore
Gen Z and Millennials are confident in spotting scams, yet are the first to jump into new investments
Are Gen Z and Millennials too clever for their own good? While these risk-tolerant investors may feel the most confident about spotting scams, they're also the most likely to jump into new investment opportunities, sometimes without conducting proper due diligence . A recent survey by forex broker experts at BrokerChooser found that 76.22% of 25- to 34-year-olds are 'confident' they can spot investment scams, and 32.62% even said they are 'very confident.' Across all age groups, 60.20% of respondents felt confident spotting scams—but only 16.8% were 'very confident,' with that number dropping to just 8.67% among those over 55. At the same time, a striking 91% admitted they would act in ways that could expose them to fraud. When asked what they'd do when presented with a new forex investment platform 'pending regulation,' claiming to have 2,000 investors and offering returns of 15% to 20% per month, 35.67% of respondents aged 25 to 34 said they'd ask friends or family if they'd heard of it. According to the report, this is a form of social proof that scammers often exploit. Millennials (26.53%) and Gen Z (20.21%) said they would 'test' the platform by investing a small amount, compared to just 3% of Boomers, unknowingly exposing themselves to greater risk. This comes as investment scams surge worldwide. In 2024 alone, Infosecurity Magazine reported that fake investment domains jumped 25% compared to the previous year, with nearly 13,000 fake investment domains detected across more than 7,000 IP addresses. Globally, it is estimated that over US$1 trillion was stolen through scams, according to the Global Anti-Scam Alliance. Despite these, interest in investing among younger adults continues to rise. About 30% of Gen Z started investing while still in university or early adulthood—over three times more than Gen X (9%) and five times more than Boomers (6%). BrokerChooser also found that younger investors are more likely to be swayed by common scam tactics. Almost one in five Gen Zs (19.96%) said screenshots of profitable trades would convince them to invest, while 15.03% would trust celebrity or influencer endorsements. See also Is Cash Out Refinancing a Smart Financial Move? 'This is concerning given that two out of three forex customers typically lose money and the fact that 50% of fraud now involves the use of AI, which can be used to fake images,' it noted. Notably, OSC research found that people were 22% more likely to invest in AI-enhanced scams than in traditional ones. Meanwhile, 35.37% of Millennials said they would trust testimonials from so-called 'successful traders,' even though these could be easily faked or paid endorsements to create a false sense of credibility. One of the most common red flags, unregulated platforms claiming to be 'pending approval,' still manages to hook people. When asked how they would verify the legitimacy of a forex trading platform, 23.15% of respondents said they would ask the broker directly for copies of their licences and certificates. However, this can be risky, as it relies entirely on trusting the broker's word, who may provide forged or misleading documentation. See also Best fixed deposit rates in Singapore for Jan 2024 Krisztián Gátonyi, from BrokerChooser, said, 'It's critical that people learn to pause and verify, checking for official registration with financial regulators and scrutinising contact information.' He noted, 'A quarter of young investors admit to making impulsive decisions in order to keep up with current investment trends, often leaving little time to properly evaluate the risks. Amid a sharp rise in investment scams, this behaviour is particularly dangerous, especially as fraudsters grow increasingly sophisticated in how they present themselves.' 'With the rise of AI, we're now seeing realistic fake websites, chatbot 'advisors', and even deepfake videos of celebrities endorsing bogus schemes. It's becoming harder for even seasoned investors to separate genuine opportunities from high-tech fraud,' he added. /TISG Read also: Fraud and scams driven by generative AI are now among the biggest cyber threats in the financial sector
