Godfather Malware

Is Your Banking App Safe? What You Need to Know About Godfather Malware

Blog
August 20, 2025

By Cindy Schubert
Senior Vice President - Operations

In today's interconnected world, mobile banking has become an essential part of our daily lives. At Security National Bank, we are committed to providing you with the most convenient and secure banking experience possible. However, as technology evolves, so do the tactics of cybercriminals. We're here to warn you about a particularly sophisticated threat known as Godfather malware, a type of harmful software that targets mobile devices and can put your financial information at risk.

What is Godfather Malware?

Godfather malware is a banking trojan that operates on smartphone devices. Its primary goal is to steal your sensitive information, such as login credentials, passwords, and even multi-factor authentication (MFA) codes. What makes it so dangerous is its ability to mimic legitimate banking applications so convincingly that you won't even realize you've been compromised.

This malware often spreads through deceptive means, such as:

  • Unofficial App Stores and Repackaged Apps: Godfather is commonly found in fake or "repackaged" apps downloaded from third-party or unofficial app stores, or even through links in phishing texts and emails.

Figure 1 - Screenshot of a malicious application linked to
Godfather distribution in the Google Play Store. Source: Eclecticiq.com

 

  • Deceptive Permissions: Once installed, it may masquerade as a legitimate service, like a "Google Protect" scanner, and trick you into granting it extensive permissions, particularly Accessibility Services. This gives the malware the keys to your device, allowing it to see what's on your screen and intercept your data.

Figure 2 - Godfather malware installing itself as a fake Google Protect
application targeting Spanish-speakers. Source: Eclecticiq.com

How Godfather Hijacks Your Banking App 

Godfather's new and highly effective technique is what makes it so hard to detect. Instead of just displaying a fake login screen over your app, it creates a virtual environment on your device. When you try to open your legitimate banking app, the malware redirects you to a malicious, virtual copy.

Figure 3 - Godfather malware requesting access to Accessibility Services. 
Source: Eclecticiq.com

You see what looks like your normal banking interface, but every login detail you enter is being captured by the criminals. This allows them to:

  • Steal your login credentials: They can take your usernames, passwords, and PINs.
  • Bypass two-factor authentication (2FA): By intercepting text messages and push notifications, they can steal the one-time codes you receive, effectively bypassing this security step.
  • Remotely control your device: With full control, they can initiate unauthorized transactions and drain your accounts without you even noticing.

How to Protect Yourself 

While this threat is serious, you can take proactive steps to protect yourself and your finances.

  • Download Apps from Official Sources Only: Always use the Google Play Store for Android. Avoid third-party app stores or downloading apps from suspicious links in emails or text messages.
  • Enable Google Play Protect: Make sure this built-in security feature is turned on, as it scans for harmful apps.
  • Review App Permissions Carefully: Be wary of apps that request excessive permissions, especially if they ask for access to your "Accessibility Services" when it doesn't make sense for the app's function.
  • Use Strong, Unique Passwords and Biometrics: Use a unique, complex password for your banking app and enable fingerprint or facial recognition for an extra layer of security.
  • Keep Your Phone Updated: Install the latest operating system and app updates as soon as they're available.
  • Monitor Your Accounts Regularly: Check your bank statements and transaction history often for any unusual activity. If you see something you don't recognize, contact us immediately.

What to Do If You've Been Compromised

If you suspect your phone has been infected with Godfather malware or you see unauthorized activity on your accounts, take these steps immediately:

  1. Disconnect Your Phone: Immediately disable your Wi-Fi and mobile data to prevent the malware from communicating with the criminals.
  2. Delete Suspicious Apps: Remove any unfamiliar or questionable apps from your device.
  3. Contact Us: Call us right away to report the potential fraud. We can help you secure your accounts and take steps to protect your finances.
  4. Change Your Passwords: Use a different, clean device to change all your passwords, starting with your banking credentials and email.
  5. Factory Reset Your Phone: As a last resort, performing a factory reset can help eliminate the malware, but be sure to back up essential data first.

We are constantly working to keep your accounts safe. By staying informed and practicing good mobile security habits, you can significantly reduce your risk of falling victim to threats like Godfather malware. Subscribe to stay updated about the latest scams at SNBSD.com/newsletter.

About the Author

Cindy Schubert

Cindy Schubert is the Senior Vice President of Operations at Security National Bank, overseeing informational technology and other bank support services. She has more than three decades of financial operations experience, and has served at SNB since 1993.

Related Articles

5 Money Mistakes Every College Student Makes (And How to Avoid Them) August 20, 2025

With a little financial awareness - and some help from parents and guardians - college students can avoid these common campus cash blunders.
Lost Benefits? Medicare Penalties? Your Answers to Top Retirement Questions July 15, 2025

Retirement is more than just stopping work; it's stepping into a new phase of life, full of potential and new experiences. But with this excitement often comes a natural set of questions about how to best prepare and navigate the journey. At Security National Bank, we believe in empowering you with the knowledge to make informed decisions.

The Student Loan Repayment Pause Has Ended: 5 Things You Need To Know June 18, 2025

For many Americans, the government's student loan payment break, which started in 2020 because of the COVID-19 pandemic, gave people much-needed financial relief. However, as you've probably heard, that payment pause has now officially ended.