payments Archives

AppWizard

June 20, 2025

‘Godfather’ Malware Is Now Hijacking Banking Apps on Android

The latest version of the "Godfather" malware targets Android devices, capable of hijacking legitimate banking applications and complicating detection. Initially detected in 2021, it used screen overlay attacks to trick users into entering sensitive information. The new iteration introduces a virtualization capability, creating a virtual environment on the device that allows it to intercept and manipulate user interactions with banking apps. This malware can harvest account credentials and exert remote control over the device, enabling unauthorized transactions. Currently, it affects nearly 500 applications, primarily targeting banks in Turkey, with potential for global spread. Users are advised to download apps only from trusted sources, modify permission settings, enable Google Play Protect, keep devices updated, and audit installed applications to protect against this threat.

AppWizard

June 20, 2025

Godfather Android malware takes over banking apps

A new version of the Android malware Godfather creates isolated virtual environments on mobile devices to steal account details and transactions from banking apps. It targets over 500 banking, cryptocurrency, and e-commerce applications globally, utilizing a fully virtual file system, virtual process IDs, intent spoofing, and a component called StubActivity. Godfather manifests as an APK app with a virtualization framework, scanning for targeted applications and encapsulating them within its virtual environment. It intercepts permissions for accessibility services, redirecting them to a StubActivity that launches the virtual version of the banking app, allowing it to capture sensitive information. The malware can record account details, passwords, and PIN codes using Xposed for API hooking. It employs a fake lock screen overlay to trick users into entering their credentials and can manipulate user interfaces and execute transactions within the legitimate banking app. Godfather first emerged in March 2021 and has evolved significantly since then, with the latest iteration demonstrating advancements from previous versions.

AppWizard

June 19, 2025

Godfather Android malware now uses virtualization to hijack banking apps

A new iteration of the Android malware "Godfather" has emerged, utilizing advanced techniques to create isolated virtual environments on mobile devices for stealthy account data theft and transaction manipulation from legitimate banking applications. It targets over 500 banking, cryptocurrency, and e-commerce applications globally, employing a comprehensive virtual filesystem, virtual Process ID, intent spoofing, and a component called StubActivity. Godfather is delivered as an APK app with an embedded virtualization framework, scanning for installed target applications and launching them within its virtual environment. It intercepts user interactions with genuine banking apps, capturing sensitive data like credentials and PINs while presenting a legitimate interface. The malware can execute commands to unlock devices and initiate transactions while avoiding detection. Godfather first appeared in March 2021 and has evolved significantly since then, with the latest version representing a notable advancement over previous iterations. Users are advised to download apps only from trusted sources and remain cautious about app permissions to protect against this malware.

Tech Optimizer

June 19, 2025

5 Backend Tools That’ll Cut Your Dev Time in Half (2025 Stack)

Many developers rely on traditional tools like Redis, RabbitMQ, PostgreSQL, and ORMs due to familiarity, but there are newer alternatives that can improve performance and simplify workflows. 1. **Litefs**: A tool that enables SQLite in production with real-time replication across regions, allowing for global scaling with minimal latency, ideal for edge computing scenarios. 2. **Temporal.io**: A workflow engine that guarantees execution for background jobs, eliminating lost orders or stuck payments, and remembers everything even after crashes. 3. **DragonflyDB**: A drop-in replacement for Redis that is four times faster, capable of handling millions of requests per second with built-in horizontal scaling. 4. **sqlc**: A tool that generates type-safe Go/Postgres code directly from SQL, avoiding ORM complexities and runtime SQL errors. 5. **Benthos**: A tool for connecting Kafka, databases, APIs, and WebSockets using simple YAML configuration, supporting over 200 integrations. 6. **Earthly**: A CI/CD tool that combines Docker and Makefile for deterministic builds, ensuring reproducible builds and avoiding common CI pipeline failures.

AppWizard

June 19, 2025

GodFather Android Malware Runs Real Apps in a Sandbox to Steal Data

Cybersecurity researchers at Zimperium zLabs have discovered a new variant of the GodFather Android malware that uses on-device virtualization to hijack legitimate mobile applications, primarily targeting banking and cryptocurrency apps. This malware installs a concealed host application that downloads a genuine version of the targeted app within a controlled environment, redirecting users to this manipulated version. It monitors user actions in real time, capturing sensitive information like usernames and passwords. The GodFather malware targets 484 applications globally, with a focus on 12 financial institutions in Turkey. It employs traditional overlay attacks and uses legitimate open-source tools to evade detection. The malware manipulates APK files, relocates malicious code, and utilizes Android’s accessibility services to deceive users into granting permissions. It also encodes critical information to complicate tracking efforts and transmits screen details back to attackers for real-time monitoring.

AppWizard

June 17, 2025

iState: A Russian Government Messenger?

On June 10, the Russian State Duma approved the establishment of a national messenger to be pre-installed on all newly sold smart devices starting September 1. This app will include a digital ID system and aims to streamline access to government services, identity verification, contract signing, and banking transactions. The initiative is inspired by China's WeChat but raises concerns about surveillance and data storage by the Russian government. The specific application for the national messenger has not yet been finalized, with Max, developed by VKontakte, being a leading candidate. Legal expert Sarkis Darbinyan doubts that Max will attract WhatsApp's user base and predicts it will be limited to domestic use without end-to-end encryption. Despite these issues, State Duma IT Committee head Sergei Boyarsky believes that existing messaging platforms like WhatsApp and Telegram will continue to operate if they comply with Russian laws.

AppWizard

June 13, 2025

You Might Have Just a Few Months to Use Android Instant Apps

Google will discontinue its Instant Apps feature for Android by the end of 2025 due to limited adoption and usage. Support for Instant Apps will cease in December 2025, including the discontinuation of publishing capabilities and associated Google Play Instant APIs. Tooling support within Android Studio will also be removed. The feature, which debuted in 2017, allowed users to run lightweight versions of applications without installation. Users needed to enable the feature through Google Play to access app-like interfaces instantly when tapping links.

Tech Optimizer

June 7, 2025

CISA Warns of Rising Play Ransomware Threat to Infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a critical advisory on December 18, 2023, regarding the rising threat of Play Ransomware, which targets various organizations, particularly critical infrastructure and public sector entities. The advisory details the tactics used by Play Ransomware actors, including exploiting unpatched systems and phishing campaigns, leading to severe consequences like data encryption and high ransom demands. The ransomware can disable antivirus software and exfiltrate sensitive data before encryption. Play Ransomware employs double extortion tactics, threatening to leak stolen data if ransoms are not paid. CISA recommends organizations prioritize patch management, implement multi-factor authentication, train employees to recognize phishing attempts, and maintain regular offline data backups. The advisory calls for collaboration between public and private sectors to combat this threat and emphasizes the importance of information sharing to stay ahead of ransomware tactics.

Winsage

June 7, 2025

If you’re sick of software subscriptions, check this out

A Microsoft Office Pro lifetime license is available for .97, significantly reduced from its usual price of 9.99. This license includes Word, Excel, PowerPoint, Outlook, OneNote, Publisher, Access, and the free version of Teams. It allows installation on a single Windows PC and is tied to the device rather than a Microsoft account. The software supports all languages, includes complimentary customer support, and provides updates at no extra cost.

AppWizard

June 7, 2025

Elon Musk Confirms New ‘XChat’ Messaging Option Rolling Out This Week

Elon Musk announced the rollout of a new feature called “XChat” for select X Premium subscribers, set to reach all paying users within a week. XChat includes enhanced messaging features such as full encryption by default, vanishing messages, the ability to send file attachments, and audio/video calls without a phone number. The service is built using "Rust with (Bitcoin style) encryption.” Musk envisions integrating messaging with financial transactions, aiming to launch X Payments later this year, similar to WeChat's model in China. Despite challenges in attracting Western consumers to comprehensive platforms, Musk's experience in payments may help make XChat appealing. The updated XChat begins its rollout this week, subject to potential scaling issues.