data theft Archives

AppWizard

June 20, 2025

GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps

Zimperium zLabs has identified a new version of the GodFather Android banking malware that uses on-device virtualization to infiltrate legitimate banking and cryptocurrency applications. This malware creates an isolated virtual environment on the victim's device, allowing attackers to observe and manipulate user interactions in real time. It employs a malicious host application with a virtualization framework that downloads and executes a copy of the targeted app, capturing credentials and sensitive information. GodFather targets nearly 500 applications globally, particularly focusing on Turkish financial institutions. It utilizes evasive tactics, including ZIP manipulation and obfuscation, to evade detection and installs its payload through a session-based dropper technique. The malware retains traditional overlay attacks and has extensive remote control capabilities, posing a significant threat to mobile security and user trust.

AppWizard

June 20, 2025

Godfather Android malware takes over banking apps

A new version of the Android malware Godfather creates isolated virtual environments on mobile devices to steal account details and transactions from banking apps. It targets over 500 banking, cryptocurrency, and e-commerce applications globally, utilizing a fully virtual file system, virtual process IDs, intent spoofing, and a component called StubActivity. Godfather manifests as an APK app with a virtualization framework, scanning for targeted applications and encapsulating them within its virtual environment. It intercepts permissions for accessibility services, redirecting them to a StubActivity that launches the virtual version of the banking app, allowing it to capture sensitive information. The malware can record account details, passwords, and PIN codes using Xposed for API hooking. It employs a fake lock screen overlay to trick users into entering their credentials and can manipulate user interfaces and execute transactions within the legitimate banking app. Godfather first emerged in March 2021 and has evolved significantly since then, with the latest iteration demonstrating advancements from previous versions.

AppWizard

June 19, 2025

Godfather Android malware now uses virtualization to hijack banking apps

A new iteration of the Android malware "Godfather" has emerged, utilizing advanced techniques to create isolated virtual environments on mobile devices for stealthy account data theft and transaction manipulation from legitimate banking applications. It targets over 500 banking, cryptocurrency, and e-commerce applications globally, employing a comprehensive virtual filesystem, virtual Process ID, intent spoofing, and a component called StubActivity. Godfather is delivered as an APK app with an embedded virtualization framework, scanning for installed target applications and launching them within its virtual environment. It intercepts user interactions with genuine banking apps, capturing sensitive data like credentials and PINs while presenting a legitimate interface. The malware can execute commands to unlock devices and initiate transactions while avoiding detection. Godfather first appeared in March 2021 and has evolved significantly since then, with the latest version representing a notable advancement over previous iterations. Users are advised to download apps only from trusted sources and remain cautious about app permissions to protect against this malware.

AppWizard

June 19, 2025

Minecraft cheat tools may actually contain malware

Trojanized cheat tools for Minecraft hosted on GitHub have been found to install malware that extracts sensitive information from players. Check Point Research identified around 500 GitHub repositories involved, potentially compromising about 1,500 devices. This operation, active since March, is linked to Russian-speaking malware developers from the Stargazers Ghost Network. The malware, disguised as cheat tools like Oringo and Taunahi, initiates a multi-stage attack requiring Minecraft to be pre-installed. It first installs a malicious JAR mod that evades detection, then proceeds to steal Minecraft tokens, Microsoft account information, and data from platforms like Discord and Telegram. The final component captures credentials from web browsers, cryptocurrency wallets, VPN applications, and gaming platforms, sending the stolen data to a Discord webhook.

AppWizard

June 7, 2025

ISKP Magazine Questions Encryption Claims Of Messaging App, Cautions

The latest edition of "Voice of Khurasan" critiques Gem Space, a new social media platform attracting Islamic State Khorasan Province (ISKP) members, highlighting security vulnerabilities. The article warns against migrating from Telegram to Gem Space due to concerns over the platform's closed-source nature, unspecified encryption protocols, lack of end-to-end encryption confirmation, unclear ownership, and absence of transparency reports. It suggests that claims of 40+ million downloads may be exaggerated, pointing to a lack of independent validation of the platform's security. The article emphasizes the importance of informed decision-making regarding digital security.

AppWizard

May 27, 2025

Google Play’s latest security change may break many Android apps for some power users

Google's Play Integrity API has been updated as of May 2025 to include stricter security measures that verify app integrity on Android devices. The updated API aims to prevent abuse and protect sensitive information but excludes most custom ROMs, making it challenging for users who root their devices. This change means that many applications, particularly in banking, gaming, and medical services, may become inaccessible to rooted users. The new integrity verdicts—“basic,” “device,” and “strong”—now incorporate hardware-backed security signals, with the “strong” verdict requiring recent security patches. Developers will automatically transition to these stronger verdicts, enhancing security without additional effort. As a result, power users may be locked out of essential applications, and workarounds to bypass these restrictions are becoming less effective.

Tech Optimizer

May 26, 2025

This Stealthy Malware Takes Control of Your Computer to Steal Your Data

Skitnet is a new malware that targets personal data by stealthily infiltrating computer systems. It is used by hackers to steal sensitive information through advanced methods, including the insertion of invisible malicious code in emails and the creation of fraudulent websites. Cybersecurity experts from PRODAFT have revealed that Skitnet is often employed by ransomware groups and can remotely control infected computers using services like AnyDesk. The malware operates discreetly, monitoring user actions without detection for extended periods, making it difficult for victims to realize they are infected until after data theft occurs. To protect against such threats, security specialists recommend identifying suspicious emails, using reliable antivirus software, and enhancing account security with two-step verification and strong passwords.

Winsage

May 25, 2025

Windows Passwords Are Under Attack — Do These 7 Things Now

Microsoft Windows is a target for cybercriminals, particularly regarding password theft. Trend Micro has reported an increase in fraudulent Captcha attacks that trick users into executing malicious commands through the Windows Run dialog, leading to data theft and malware infections. These attacks utilize PowerShell and can deploy various malware types, including Lumma Stealer and AsyncRAT. Despite efforts to disrupt the Lumma Stealer network, threats persist, exploiting legitimate platforms. Microsoft recommends users adopt safer online practices and outlines seven mitigations for organizations: disable access to the Run dialog, apply least privilege, restrict access to unapproved tools, monitor unusual behavior, harden browser configurations, enable memory protection, and invest in user education.

Winsage

May 22, 2025

Microsoft says Lumma password stealer malware found on 394,000 Windows PCs

Microsoft, in collaboration with law enforcement, has taken legal action against the Lumma malware operation, which has affected over 394,000 Windows PCs globally, particularly in Brazil, Europe, and the United States. A federal court authorized the seizure of 2,300 domains used as command and control servers for Lumma, and the Justice Department confiscated five additional domains related to its infrastructure. Lumma is primarily spread through questionable games or cracked applications and extracts sensitive information such as logins, passwords, credit card details, and cryptocurrency wallets, which is then sold to other cybercriminals. Lumma also facilitates the deployment of additional malware, including ransomware, and has been linked to significant cyberattacks on major tech companies like PowerSchool and Snowflake, resulting in substantial data theft.

Tech Optimizer

May 3, 2025

Use Protection: 6 Tips to Watch Porn Online Safely

Seventeen U.S. states have enacted age verification laws that effectively prohibit adult websites from operating within their jurisdictions. The use of Incognito Mode can help hide browsing history, but it is not completely secure as data may still be retained by Google. Data theft is a risk when engaging with adult content, especially if personal information is shared on pornographic sites. Using a VPN can enhance anonymity, but it does not protect against voluntarily shared information. Privacy services like IronVest can help create disposable email addresses and phone numbers. Ads on adult websites can contain malware, making antivirus software important for protection. Trusted pornographic sites typically prioritize user privacy and security, so caution is advised when choosing platforms.