Godfather Android malware

Posted: December 24, 2023
from Cybersecurity Glossary
Data Theft And Exfiltration, Espionage And Surveillance, Installation Of Additional Malware, System Manipulation And Control, Further Propagation And Spreading To Other Devices.
Risk Level:

The Godfather Android malware is an advanced banking trojan capable of extracting data from over 400 banking sites and cryptocurrency exchanges. Its likely Russian origin is evident as it avoids targeting users with device language set to Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik.

Possible symptoms

  • Unusual behavior in banking and cryptocurrency apps, such as unauthorized transactions or access
  • Unexpected battery drain due to background malicious activities
  • Increased data usage as the malware communicates with command and control servers
  • System slowdowns or crashes, particularly when using financial applications

Sources of the infection

  • Malicious app downloads from unofficial or third-party app stores
  • Phishing campaigns, including deceptive emails or SMS containing malicious links or attachments
  • Compromised websites hosting exploit kits that target vulnerabilities in Android devices
  • Infected external storage devices, such as compromised SD cards, used in the mobile device
  • Exploiting unpatched vulnerabilities in the operating system or related software


The Godfather Android malware, identified as a Trojan, poses a significant threat through its multifaceted capabilities, including Data Theft and Exfiltration, Espionage and Surveillance, Installation of Additional Malware, System Manipulation and Control, and Further Propagation and Spreading to Other Devices.

The malware's primary objective is to infiltrate banking and cryptocurrency apps, making it imperative for users to understand its characteristics and take appropriate measures for removal and prevention.

The Godfather Android malware, classified as an advanced banking trojan, exhibits a sophisticated ability to extract data from over 400 banking sites and cryptocurrency exchanges. Notably, its likely Russian origin is discernible as it refrains from targeting users with device languages set to Russian or several related languages.

Users can identify the presence of the Godfather malware through various symptoms, including unusual behavior in banking and cryptocurrency apps, unexpected battery drain, increased data usage for communication with command and control servers, and system slowdowns or crashes during financial application usage.

Sources of infection encompass malicious app downloads from unofficial or third-party stores, phishing campaigns via deceptive emails or SMS, compromised websites hosting exploit kits, infected external storage devices like compromised SD cards, and exploitation of unpatched vulnerabilities in the Android operating system or related software.

If an infection is suspected, immediate action is crucial. Disconnecting the device from the internet, running a reputable mobile antivirus or anti-malware scan, changing passwords (especially for financial accounts), monitoring financial transactions, and considering a factory reset are recommended steps to mitigate the impact of the Godfather Android malware.

Preventive measures against this Trojan include downloading apps exclusively from official stores, regular updates of the Android operating system and apps to patch vulnerabilities, employing a reputable mobile security solution with real-time scanning, exercising caution with links and attachments, and judiciously granting app permissions.

🤔 What to do?

If you suspect your device is infected with the Godfather Android malware, take the following steps:

  1. Disconnect your device from the internet to prevent further data leakage.
  2. Run a reputable mobile antivirus or anti-malware scan to detect and remove the malware.
  3. Change all passwords, especially those related to banking and cryptocurrency accounts.
  4. Monitor your financial transactions and report any suspicious activities to your bank or relevant authorities.
  5. Consider a factory reset of your device to ensure complete removal of the malware.

🛡️ Prevention

To prevent the Godfather Android malware infection, follow these security measures:

  • Only download apps from official app stores like Google Play.
  • Regularly update your Android operating system and apps to patch vulnerabilities.
  • Use a reputable mobile security solution with real-time scanning and protection.
  • Avoid clicking on suspicious links or downloading attachments from unknown sources.
  • Be cautious when granting permissions to apps and only provide necessary access.

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware