DALLAS–A new version of a notorious banking malware is again targeting Android phones, allowing the hackers to steal login details and control banking apps in real time, according to a new report. 

The cybersecurity firm Zimperium said the malware employs a novel “virtualization technique” that allows legitimate banking apps and other applications on a victim’s device to be hijacked.

“Instead of simply mimicking a login screen, the malware installs a malicious ‘host’ application that contains a virtualization framework,” the Daily Hodl explained. “This host then downloads and runs a copy of the actual targeted banking or cryptocurrency app within its controlled sandbox. When a user launches their app, they are seamlessly redirected to this virtualized instance, where every action, tap, and data entry is monitored and controlled by the malware at runtime.”

Log-Ins Intercepted

According to the Zimperium report, the novel technique allows the malware to intercept login credentials and other sensitive information of victims in real time.

“The malware grants attackers the ability to steal a wide range of login credentials, from usernames and passwords to device PINs, ultimately leading to a full account takeover,” the company stated. 

It added that the new version of the GodFather banking malware, which hits users who download malicious apps from unofficial sources or click phishing links, is targeting nearly 500 financial applications across the globe.

‘Exceptionally Aggressive’

“The targeting is exceptionally comprehensive in the banking sector, covering major financial institutions across North America, Europe, and Turkey,” Zimperium stated. “In the United States, the list includes nearly every major national bank, prominent investment and brokerage firms, and popular peer-to-peer payment apps.”

Additional details on the new threat can be found here.