e-commerce Archives

AppWizard

June 21, 2025

Godfather Android trojan uses virtualization to hijack banking and crypto apps

Zimperium zLabs has identified a new version of the GodFather Android trojan, which uses on-device virtualization to hijack legitimate banking and cryptocurrency applications. This malware creates a sandbox environment on the victim's device to run actual applications while intercepting user input in real time, allowing for complete account takeovers and bypassing security measures. The current campaign primarily targets Turkish banks. The GodFather malware employs ZIP manipulation and obfuscation techniques to evade detection, concealing its payload within the assets folder and using session-based installation methods. It utilizes accessibility services to monitor user input, automatically grant permissions, and exfiltrate data to a command-and-control (C2) server via Base64-encoded URLs. The trojan leverages open-source tools like Virtualapp and Xposed to execute overlay attacks, virtualizing applications within a host container. It scans for specific banking applications, downloads Google Play components into a concealed virtual space, and creates a deceptive environment to execute genuine banking applications. When users access their legitimate banking apps, GodFather redirects them to counterfeit versions within its virtual space, capturing their interactions. The malware employs advanced hooking techniques tailored to banking applications, intercepting network connections and capturing sensitive information. It can also compromise lock screen credentials by displaying fake overlays. GodFather supports a wide range of commands, allowing attackers to simulate gestures, manipulate screen elements, and steal sensitive data while remaining hidden from users and security tools. The malware targets over 484 popular applications, including banking, cryptocurrency, e-commerce, and social media platforms, with a current focus on a dozen Turkish financial institutions. This discovery marks a significant advancement in mobile malware capabilities compared to previous threats.

AppWizard

June 21, 2025

Understanding Android 14 Privacy Changes: Key Insights

The introduction of Android 14 features a sophisticated permissions model that requests app permissions only when needed, allowing users to choose between "approximate" and "precise" location access. Apps handling transactions must justify their need for real-time access. Background location usage must be disclosed in Play Store listings, and developers must complete Data Safety Forms. Android enforces scoped storage, isolating apps in sandboxed environments to reduce data leakage risks. Visual indicators for microphone and camera usage were introduced in Android 12, and Android 14 requires apps to specify the nature of access. In-app transactions in gaming apps must meet elevated security standards, including encryption and biometric logins, and undergo audits under PCI DSS. Background access for location services requires clear justification, and developers must submit a Permission Declaration Form. Google Play mandates disclosure of third-party SDKs and their data practices. User awareness is emphasized through concise permission dialogs and Data Safety summaries in Play Store listings. Secure login protocols like OAuth 2.0 are required for sensitive applications, with stronger encryption mandates. Apps for children must comply with COPPA and GDPR-K regulations, with manual reviews by the Play Store. Google's Privacy Sandbox initiative aims to enhance privacy in advertising practices, with expected rollout in 2024.

AppWizard

June 20, 2025

GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps

Zimperium zLabs has identified a new version of the GodFather Android banking malware that uses on-device virtualization to infiltrate legitimate banking and cryptocurrency applications. This malware creates an isolated virtual environment on the victim's device, allowing attackers to observe and manipulate user interactions in real time. It employs a malicious host application with a virtualization framework that downloads and executes a copy of the targeted app, capturing credentials and sensitive information. GodFather targets nearly 500 applications globally, particularly focusing on Turkish financial institutions. It utilizes evasive tactics, including ZIP manipulation and obfuscation, to evade detection and installs its payload through a session-based dropper technique. The malware retains traditional overlay attacks and has extensive remote control capabilities, posing a significant threat to mobile security and user trust.

AppWizard

June 20, 2025

Godfather Android malware takes over banking apps

A new version of the Android malware Godfather creates isolated virtual environments on mobile devices to steal account details and transactions from banking apps. It targets over 500 banking, cryptocurrency, and e-commerce applications globally, utilizing a fully virtual file system, virtual process IDs, intent spoofing, and a component called StubActivity. Godfather manifests as an APK app with a virtualization framework, scanning for targeted applications and encapsulating them within its virtual environment. It intercepts permissions for accessibility services, redirecting them to a StubActivity that launches the virtual version of the banking app, allowing it to capture sensitive information. The malware can record account details, passwords, and PIN codes using Xposed for API hooking. It employs a fake lock screen overlay to trick users into entering their credentials and can manipulate user interfaces and execute transactions within the legitimate banking app. Godfather first emerged in March 2021 and has evolved significantly since then, with the latest iteration demonstrating advancements from previous versions.

AppWizard

June 19, 2025

Godfather Android malware now uses virtualization to hijack banking apps

A new iteration of the Android malware "Godfather" has emerged, utilizing advanced techniques to create isolated virtual environments on mobile devices for stealthy account data theft and transaction manipulation from legitimate banking applications. It targets over 500 banking, cryptocurrency, and e-commerce applications globally, employing a comprehensive virtual filesystem, virtual Process ID, intent spoofing, and a component called StubActivity. Godfather is delivered as an APK app with an embedded virtualization framework, scanning for installed target applications and launching them within its virtual environment. It intercepts user interactions with genuine banking apps, capturing sensitive data like credentials and PINs while presenting a legitimate interface. The malware can execute commands to unlock devices and initiate transactions while avoiding detection. Godfather first appeared in March 2021 and has evolved significantly since then, with the latest version representing a notable advancement over previous iterations. Users are advised to download apps only from trusted sources and remain cautious about app permissions to protect against this malware.

Tech Optimizer

June 19, 2025

5 Backend Tools That’ll Cut Your Dev Time in Half (2025 Stack)

Many developers rely on traditional tools like Redis, RabbitMQ, PostgreSQL, and ORMs due to familiarity, but there are newer alternatives that can improve performance and simplify workflows. 1. **Litefs**: A tool that enables SQLite in production with real-time replication across regions, allowing for global scaling with minimal latency, ideal for edge computing scenarios. 2. **Temporal.io**: A workflow engine that guarantees execution for background jobs, eliminating lost orders or stuck payments, and remembers everything even after crashes. 3. **DragonflyDB**: A drop-in replacement for Redis that is four times faster, capable of handling millions of requests per second with built-in horizontal scaling. 4. **sqlc**: A tool that generates type-safe Go/Postgres code directly from SQL, avoiding ORM complexities and runtime SQL errors. 5. **Benthos**: A tool for connecting Kafka, databases, APIs, and WebSockets using simple YAML configuration, supporting over 200 integrations. 6. **Earthly**: A CI/CD tool that combines Docker and Makefile for deterministic builds, ensuring reproducible builds and avoiding common CI pipeline failures.

AppWizard

June 19, 2025

GodFather Android Malware Runs Real Apps in a Sandbox to Steal Data

Cybersecurity researchers at Zimperium zLabs have discovered a new variant of the GodFather Android malware that uses on-device virtualization to hijack legitimate mobile applications, primarily targeting banking and cryptocurrency apps. This malware installs a concealed host application that downloads a genuine version of the targeted app within a controlled environment, redirecting users to this manipulated version. It monitors user actions in real time, capturing sensitive information like usernames and passwords. The GodFather malware targets 484 applications globally, with a focus on 12 financial institutions in Turkey. It employs traditional overlay attacks and uses legitimate open-source tools to evade detection. The malware manipulates APK files, relocates malicious code, and utilizes Android’s accessibility services to deceive users into granting permissions. It also encodes critical information to complicate tracking efforts and transmits screen details back to attackers for real-time monitoring.

Tech Optimizer

June 14, 2025

Hackers are sneaking malware into your browser using Google’s link, and antivirus software can’t stop it

A new browser-based malware campaign exploits trusted domains like Google.com to bypass traditional antivirus defenses. The malware operates through an e-commerce site using a manipulated Google OAuth logout URL, which executes an obfuscated JavaScript payload. This script activates silently during checkout or when the browser appears automated, opening a WebSocket connection to a malicious server. Payloads are dynamically executed using JavaScript, enhancing the threat's effectiveness. The attack evades detection by many antivirus programs due to its obfuscation and conditional activation. DNS filters and firewall rules offer limited protection since the initial request goes to a legitimate domain. Advanced users may use content inspection proxies or behavioral analysis tools to detect anomalies, but average users remain vulnerable. Recommendations to mitigate risks include limiting third-party scripts and maintaining separate browser sessions for financial transactions.

Winsage

June 11, 2025

‘Classic Apple’: Why Apple is taking the slow road with AI

Apple held its annual Worldwide Developers Conference (WWDC) in Cupertino, California, where it announced updates to its software ecosystem but did not introduce major AI announcements. The company plans to open its AI software to third-party developers, allowing access to on-device language models, which could lead to innovative software solutions and enhance user privacy. New features include live real-time translation in Phone, FaceTime, and Messages, improvements to the Visual Intelligence app, AI capabilities in the Reminders app, and a generative AI-powered fitness coach in the Apple Watch's Workout app. These updates aim to integrate AI into Apple's operating systems, positioning the company competitively in the AI landscape.

Tech Optimizer

June 10, 2025

Why Instacart Moved to Postgres & pgvector to Boost Semantic Search

Instacart serves 14 million daily users and manages billions of products, necessitating advanced search capabilities that go beyond keyword matching to understand user intent. The search system must reflect real-time inventory changes, leading to significant workloads on the database. Instacart transitioned from Elasticsearch and FAISS to a hybrid architecture using Postgres and pgvector, improving search performance and reducing write workloads by tenfold. This normalization allowed for better storage of machine learning features and improved flexibility. Moving compute closer to storage with NVMe resulted in a twofold increase in search performance. Instacart's migration to pgvector eliminated data duplication and operational complexity, enhancing search quality and user satisfaction, evidenced by a 6% decrease in searches with zero results.