What is GodFather?
GodFather is malware that functions like a Trojan horse. Its purpose is to infect Android devices, spy on the user, and steal banking information and crypto exchange credentials. Additionally, it can steal device information and send SMS messages. Security researchers have classified GodFather as a banking trojan, which means that its primary goal is to steal banking information (logins and passwords), as well as crypto exchange credentials. Usually, such malware is able to control smartphones, download and install other malicious software, and steal the user’s personal data.
- What is GodFather?
- How can you protect against GodFather malware?
- How to detect and Remove GodFather
- Report GodFather malware
GodFather malware in detail
GodFather malware operates by abusing the Android Accessibility Services. These services allow apps to take control of the Android device to perform special tasks. Their intended purpose is to help people with disabilities use their smartphones.
Malware can use the Android Accessibility Services to create overlay screens that mimic the sign-in pages of commonly used online banking and crypto exchange applications. The overlay screens are so similar that it is impossible to distinguish fake sign-in pages from real ones. When a victim logs into an online bank and enters credentials, the malware records that information and passes it on to the criminals, who gain access to the victim’s bank accounts and can withdraw funds.
As mentioned above, GodFather can completely control the victim’s phone, including simulating keystrokes on the keyboard and taps, swipes, and gestures directly on the screen at a system-wide level. This ability can be used to make fraudulent transfers and confirm them. This trojan is also capable of taking screenshots, starting and ending processes, and turning smartphones on and off.
GodFather malware can lead to blackmail, other malware attacks (including ransomware and cryptominer malware), very serious privacy problems, identity theft, and significant financial losses. Ransomware can lead to the loss of personal documents and important data. Cryptominers are malware that uses phone resources to secretly mine cryptocurrency. Therefore, it is very important to use an antivirus and, if there are signs of an attack (if the GodFather malware is detected), to immediately scan the smartphone and remove the malware.
Notably, the GodFather trojan is set to avoid any Android smartphone with the language set to Armenian, Azerbaijani, Belarusian, Kazakh, Kyrgyz, Moldovan, Russian, Tajik, or Uzbek.
To summarize, GodFather malware can lead to all types of fraud, including stolen accounts and identity theft. It can also lead to other malware attacks, including ransomware, cryptojacking malware, and spyware. GodFather can seriously affect user privacy, phone performance and security.
| Name | GodFather (GodFather malware) |
| Type | malware, trojan, password-stealing virus, virus, banking malware, spyware, backdoor |
| Detection Names | TrojanBanker:Android/SpyBanker.2574fc02, Android:Evo-gen [Trj], ANDROID/Obfus.GAN.Gen, Android.BankBot.1024.origin, Adware.AndroidOS.Vuad.A!c, Trojan:AndroidOS/SpyBanker.F, Trojan.Gen.MBT, Android.Malware.Trojan, HEUR:Trojan-Banker.AndroidOS.GodFather.c |
| Distribution | social engineering, hacked software, fake update tools, malicious email attachments, deceptive apps, scam pages |
| Damage | battery is drained quickly, financial losses, stolen banking credentials, stolen personal information, decreased Internet speed |
| Removal | GodFather removal guide |
On the Internet, users can come across many malicious apps that perform various malicious actions. Among them are Altruistics Virus, Your File Is Ready To Download.iso, Trojan Wacatac, Winlogson.exe malware, and Setup.rar Password 123456 Virus, although, of course, there are many more. Some of them collect user data, others install malware on computers, and still others add infected smartphones and computers to botnets, and so on.
In any case, each malicious app (adware, browser hijacker, trojan, worm, …) is a huge threat to both user privacy and device security. Therefore, malicious apps must be removed immediately after detection; using an infected phone is very dangerous.
How can you protect against GodFather malware?
There are a number of methods that you can use to protect against GodFather. It is better to use them together, as this will provide stronger protection.
- Use a trusted ad blocker. Ad blockers allow you to browse sites without ads, thus eliminating the possibility of clicking on something malicious and preventing it from being downloaded to the machine.
- Pay for premium versions of popular services. The easiest way to avoid malware is to pay for the service you use. Many Internet services make it possible to use them without ads if you purchase a premium subscription. This helps ensure that malicious software cannot reach you.
- Buy devices from trusted companies with built-in security. There have already been many cases where people who bought inexpensive Android devices found that trojans were already installed on their devices. Cheap Android devices do not receive security updates and are therefore particularly susceptible to infection and should be avoided.
- Use an antivirus. Most antivirus programs can block trojans. Some trojans can block antiviruses, in which case a more aggressive method should be used, which is to use malware removal software. This software can detect and remove trojans that have a negative impact on the device.
How to detect and Remove GodFather malware
If you suspect that your smartphone is infected with malware, you accidentally clicked on a malicious link, or you just want to scan your device for malicious apps, then use this guide. You may find some minor differences on your Android device, but you should be okay if you follow the steps outlined below: remove all suspicious and unknown apps, reset browser settings, and scan your device for malware. Some of the steps below will require you to close this webpage, so please read the step-by-step instructions carefully and then bookmark this page for later reference.
To remove GodFather malware, please follow the steps below:
- Uninstall unknown and suspicious apps
- Detect and remove GodFather malware
- Reset Android browser
- Reset Android phone (Factory Reset)
Remove unknown and suspicious apps
The best way to start removing GodFather malware is to uninstall all unknown and suspicious apps. Using the standard features of Android, you can do it easily and quickly. This step, despite its simplicity, should not be skipped, because by removing unnecessary and suspicious apps you can get rid of unwanted advertisements, browser redirects, malware, adware and viruses.
First of all, make sure that the Android phone does not have any apps running. To do this, open the list of running applications and remove all apps from it. Another option is to restart the phone and not start anything afterwards.
Now you can start removing unnecessary apps. Open Android Phone settings, select APPS here. You will be shown a list of installed applications, similar to the one shown in the following example.
Review this list very carefully, several times. Most likely one of the apps listed here is spyware, adware or malware that displays unwanted ads or installs malicious apps on your phone. To remove a suspicious app from the Android phone, just click on its name and select UNINSTALL in the window that appears, as shown in the figure below.
If you cannot figure out what to delete and what to leave, use the following criteria for identifying adware, malware and viruses. The app is suspicious if: it consumes a lot of memory (for example, it’s called a calculator, and consumes hundreds of megabytes of memory), the app name is completely unfamiliar to you (check the app name through Google search), or the app requires strange permissions (for example, a calculator requires permission to send SMS and access the address book). At this stage, you need to be a bit more suspicious than usual.
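As an added example (not part of the original guide), the Python code below applies the permission criteria above together with the Accessibility Services abuse described earlier: it lists every app with an enabled accessibility service and ranks those that also hold SMS or contacts permissions or were not installed by Google Play. The input is the text of `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys package <name>`; the package com.example.calc, the TRUSTED allowlist, the scoring and the sample text are constructed assumptions.

```python
import re

# Permissions tied to behaviours this article describes (sending SMS, reading contacts).
RISKY = {"android.permission.SEND_SMS", "android.permission.READ_SMS",
         "android.permission.RECEIVE_SMS", "android.permission.READ_CONTACTS"}
# Assumption: accessibility tools the device owner installed on purpose.
TRUSTED = {"com.google.android.marvin.talkback"}
GRANTED = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=true", re.M)
INSTALLER = re.compile(r"installerPackageName=(\S+)")

def accessibility_packages(setting):
    """Parse `adb shell settings get secure enabled_accessibility_services`:
    colon-separated 'package/ServiceClass' entries, or 'null' when none are enabled."""
    setting = setting.strip()
    if setting in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}

def audit(setting, dumps):
    """Rank untrusted packages that hold an accessibility service.
    `dumps` maps package name -> text of `adb shell dumpsys package <name>`."""
    findings = []
    for pkg in sorted(accessibility_packages(setting) - TRUSTED):
        dump = dumps.get(pkg, "")
        risky = sorted(set(GRANTED.findall(dump)) & RISKY)
        match = INSTALLER.search(dump)
        installer = match.group(1) if match else "unknown"
        sideloaded = installer != "com.android.vending"  # not installed by Google Play
        score = 1 + len(risky) + (2 if sideloaded else 0)
        findings.append({"package": pkg, "risky": risky,
                         "installer": installer, "score": score})
    return sorted(findings, key=lambda f: -f["score"])

# Constructed sample input (hypothetical package, simplified dumpsys excerpt).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.calc/com.example.calc.HelperService")
SAMPLE_DUMPS = {"com.example.calc": """
    installerPackageName=null
    runtime permissions:
      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false
"""}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTING, SAMPLE_DUMPS):
        print(finding)
```

A high score is a reason to look at the app more closely, not proof of infection; legitimate accessibility tools that you installed yourself belong in the TRUSTED set.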
Detect and remove GodFather malware
We recommend using Kaspersky Anti-Virus for mobile devices. This app can perform a full scan of your Android phone, find the trojan and quickly remove it. Kaspersky Anti-Virus can remove almost all kinds of viruses that hit Android phones, including adware, trojans, browser hijackers and so on.
Click the following link, which leads to the Kaspersky Anti-Virus for mobile devices page in the Google Play Store. Click Install. When the program installation is complete, click the Open button and you will see the following window.
Click the Next button and follow the prompts. When Kaspersky Anti-Virus for Android phones finishes its configuration, you will see the main window. After that, the automatic procedure for updating the virus signature database will be launched.
When the update is completed, Kaspersky Internet Security for Android will begin to scan your Android phone.
If viruses, adware, trojans or other malicious programs are found during scanning, the app will prompt you to delete them.
Reset Android browser
Adware and other malware can change Android settings. Most often, malicious apps make changes to browser settings, modifying your home page or search engine. Therefore, after scanning the Android device with antivirus software, it is very important to also check the browser settings and restore their normal values.
Start the browser. Click on the icon in the form of three dots, which is located in the right corner of your phone. In the menu that opens, select Settings.
You will see a list of browser settings. Find the “Search Engine” option and click on it. In the window that opens, select Google.
Go back to the list of browser settings. Now click “Home page”. Check that the switch is in the ON position. If necessary, move it to this position. Then click on the line below, which says “Open this page”. In the window that opens, enter the address of your home page or the line “about:blank” (without quotes). In this case, the blank page will be used as the homepage.
In addition to the above, it is also recommended to clear data that was saved by the browser while the phone was infected. To do this, in the list of settings, find the Privacy item and click it. Scroll the page to the bottom until you find “Clear browsing data”, and press it. You will see the window as shown in the figure below.
In the “Time range”, select the time period that covers the period when your Android phone was infected with malware, then click the “CLEAR DATA” button. During this procedure, your Google account will not be deleted, and passwords, bookmarks and other personal information will be saved.
Reset Android phone (Factory Data Reset)
If none of the above helps and you failed to get rid of GodFather malware manually or using antivirus software, then most likely the malware can only be removed by resetting the phone.
To reset the Android phone, and thus remove GodFather malware, do the following. Open Phone Settings, scroll down to General management, and click it. You will see a window similar to the one shown in the pictures below.
Find the “Reset” option and click on it. You will see a list of possible ways to reset the phone settings, select the “Factory Data Reset” option.
Click the “Factory Data Reset” button. ATTENTION! All your personal data in the phone’s internal memory will be deleted, and all phone settings will be restored to their original state. The internal memory of the phone will be TOTALLY cleared.
Report GodFather malware
If you encounter this malware, let us and our readers know about your case by posting it as a comment on this article. This helps us to warn users about current GodFather variants, monitor trends and disrupt malware infection.