10 Tips to Travel Smart
What you need to know about the latest Godfather malware
There’s a new Godfather lurking in the shadows, and this one’s just as powerful and dangerously deceptive.
The latest Godfather malware is a sophisticated banking trojan that can steal your banking information and more, all without you noticing. Here’s what it is, how it works and how you can protect yourself.
What is the Godfather malware?
The Godfather is a type of malicious software that targets people who use mobile banking apps — especially those on Android phones. It’s designed to look and act like a legitimate app, but once it’s on your phone, it can steal your login credentials, hijack multi-factor authentication codes and even take control of your device.
Who is most at risk?
You’re more likely to be at risk if:
- You use an Android phone.
- You download apps from unofficial sources (not the Google Play Store or Apple App Store).
- You click on links in texts or emails that lead to app downloads.
- You don’t regularly update your phone or apps to the most current operating system or version.
How it works
The Godfather hijacks already installed banking apps, so when you launch them, you’re unknowingly launching the malware.
Imagine you open your banking app and everything looks normal. But instead of the real app running directly on your phone, it’s actually a copy of the app that’s running inside a hidden “bubble” created by the malware.
This bubble is called virtualization, and it looks and feels exactly like the real app — except when you type in your username, password or security code, you’re not sending it to your bank, you’re sending it straight to the hackers.
How it gets on your phone
The problem starts when you download an app that seems harmless, like a game or digital tool, but that app secretly installs the Godfather malware.
Currently, Android’s open app system offers users the ability to download apps from third-party sources, called sideloading. While increasing choice, sideloaded apps have not been vetted through the official Google Play Store, increasing the risk of exposure to malware. Apple iOS generally has stricter app controls. This could change, however, as access laws evolve.
What happens if your phone gets infected?
Once installed, the Godfather malware allows the hackers to see everything you do. They can:
- Steal your banking login credentials and security codes
- Make transfers or payments without your permission
- Obtain your phone’s unlock code
- Take control of your phone
- Disable your antivirus app
How to protect yourself
You can avoid becoming a victim by following a few simple steps:
- Only download apps from official stores.
Use the Google Play Store or Apple App Store. Avoid third-party app stores or links from texts and emails inviting you to download an app. - Be cautious with app permissions.
If an app asks for access to things it shouldn’t need (like your messages or device settings), that’s a red flag. - Keep your phone and apps updated.
Updates often include security fixes that help block malware. - Review your online banking settings.
Determine what notifications your bank’s online banking application offers to notify you of money movement, successful logins or password resets. - Enable multi-factor authentication.
An extra form of authentication like a one-time passcode or biometric face scan — in addition to your username and password — adds an extra layer of protection. - Actively monitor bank account activity.
Look for unauthorized transactions or suspicious activity. Caught early, you may be able to avoid larger losses. - Install a trusted mobile security app.
These apps can help detect and block threats before they do damage. - Watch for warning signs.
If your phone starts acting strangely, you get login alerts you don’t recognize or your banking app behaves oddly, contact your bank right away.
If you suspect fraud, call Umpqua Bank immediately at (866) 486-7782.
You may also file a fraud report online at ReportFraud.ftc.gov.
