While movie gangster Vito Corleone never had to navigate cybersecurity threats, he was still careful about how he conducted his banking. And the rest of us should be, too. Which is why Santa Rosa-based Poppy Bank this week issued a “critical cybersecurity alert” about the so-called “Godfather Malware,” a newly evolving threat targeting mobile banking users.
The malware keys in on mobile apps—particularly those on Android devices—in an effort to steal login information from users of financial apps. “Its tactics are deceptive, its design sophisticated and its reach widespread,” Poppy Bank officials described in a press release about the malware. Poppy officials compared it to a Trojan Horse—it appears as a legitimate app from your personal bank, but, once installed, “it overlays a fake login screen on top of a real banking app, tricking users into entering their credentials.”
Once installed, the app can record keystrokes, bypass two-factor authentication, intercept text messages and steal contact and account information.
“Victims download it unknowingly by installing fake versions of trusted apps from third-party app stores, fake updates or phishing links,” Poppy’s announcement said.
The announcement highlighted various ways to protect devices and accounts, including:
- Download apps exclusively from official sources like the Apple App Store or Google Play Store.
- Avoid clicking on suspicious links, especially from unsolicited emails or text messages.
- Turn on two-factor authentication (2FA) for added protection.
- Update your phone’s operating system and apps regularly to patch known vulnerabilities.
- Use strong and unique passwords for each account.
