Smartphone malware

GodFather is the name of a banking trojan that targets Android devices. Developers behind this malware seek to exfiltrate account credentials and use them for accessing 400+ online banking pages and crypto exchanges across 16 countries worldwide. The GodFather trojan functions by creating overlaid log-in screens and displaying them over legitimate apps or web pages. This way, it tricks users into entering their login data on fake screens, which allows threat actors to access finance-related accounts and abuse them for financial fraud. Before GodFather becomes capable of performing such malicious action, it needs users to allow certain permissions (access to SMS texts and notifications, screen recording, contacts, making calls, recording to external storage, and reading the device status) in the Accessibility Service window. The trojan does it by imitating the legitimate "Google Protect" tool, therefore making the process look ordinary and less likely to trigger suspicion from users. After the permissions are granted, the trojan gets complete liberty to run its malicious actions. GodFather also abuses the granted access to complicate manual removal, steal two-factor authentication codes, process different commands, and hijack data from PIN and password fields. If you want to learn more about the technical specs of GodFather banking trojan, you can check out this page. In summary, GodFather is a highly-devastating infection that can lead to significant financial losses, which is why it must be removed completely and without traces from your device. Use our guide below to do it.

Almost every popular browser can brag about the inbuilt push notifications feature that allows users to subscribe to notifications from various websites such as news portals and receive them right on the desktop. This way, users can get a faster and more convenient experience by staying aware of the latest updates from the desired webpage. In some cases, however, inexperienced users may become victims of dubious pages that promote unwanted or malicious ads by tricking users into allowing their push notifications. Such pages often display fake messages similar to "Press Allow to verify that you are not a robot", "Download is ready. Click Allow to download your file", and so forth. After allowing push notifications from such websites, the user's desktop will start being continuously bombarded by unwanted notifications that promote redirects to suspicious/malicious pages. No matter which type of website you've eventually subscribed to, read our guide below to turn off normal and also potentially malicious push notifications if that is the case.

Cypher is a remote administration trojan (RAT) promoted by cybercriminals to control Android devices and run a number of malicious actions on them. Once it hacks an Android device, threat actors become able to manage almost the whole device for achieving their purposes. Cypher is also a public trojan that can be purchased by anyone in form of subscription plans on the developers' website. One of the special features that cybercriminals behind Cypher get access to is the so-called clipboard hijacker. It is designed to substitute copied addresses of crypto wallets with ones owned by trojan owners. In other words, if a victim runs some cryptocurrency transaction while the trojan is on the smartphone, cybercriminals will be able to stealthily replace the copied address and receive the payment to their wallet instead. Apart from this, Cypher RAT has a plethora of other capabilities typical for such malware. For instance, it can change smartphone wallpapers, manage calls and SMSs, force-open various apps, manipulate the screen, memorize keyboard strokes, take screenshots, use a microphone to record incoming audio, analyze the device location, download additional software, read 2-factor authentication codes, imitate log-in windows, and other such functions aimed at benefiting cybercriminals in any desired way.

Clicker is a malicious piece of software that infects Android-based devices. Upon successful infiltration, the malware waits out some time before running its actions - most likely to prevent any suspicion from users. The main purpose of Clicker is to stealthily browse various webpages in the background, away from the consent of users. While doing this, the program seeks to extract browser-related information, such as history, IP-addresses, geolocations, and other potentially useful information. The collected data can be sold to shady companies for targeting internet users with low-quality advertising campaigns. When Clicker Malware runs its unwanted activity, users might begin to spot significant drops in browsing and internet performance in general. To run its actions, the malware requires a lot of network resources, therefore, leading to cuts in the speed of the internet. Unless you use an unlimited data tariff or Wi-Fi connection, the malware can also make you experience financial loss driven by increased usage of mobile data. At the moment, these are the all known functionalities implemented by Clicker Malware, however, not excluded that future versions (if released by developers) will acquire a broader range of features that may be even more harmful than these. If you suspect your smartphone to be infected with Clicker or some other malware, we thereby recommend you delete it using our instructions below.

FlyTrap is a trojan infection designed to steal Facebook accounts and use them for future abuse. An authoritative security company named Zimperium researched this malware and confirmed its activity across 100+ countries with at least 10,000 users affected by it. According to reports, many have been affected by FlyTrap via a malicious application that promotes coupons, discounts, and other similar content. Clicking on such content can lead to a fake verification window demanding login credentials for a Facebook account. After successfully retrieving the inserted data and accessing the targetted Facebook account, FlyTrap becomes able to inject malicious JavaScript code in order to collect sensitive information (e.g., IP-addresses, geolocations, e-mail addresses, internet cookies, tokens, etc.). The stolen accounts may thereafter be abused for scamming friends or spreading malware via malicious links or attachments. Thus, FlyTrap is a dangerous infection that may lead to massive security problems and compromise users' identities. Follow our guide below to get rid of the virus from your Android smartphone. After doing so, it is important to change passwords and notify your friends/contacts about the committed hacking.

S.O.V.A. is a banking trojan virus designed to extract finance-related information from Android devices. Specifically, it was spotted to do so on devices ranging from 7 to 11 Android versions. While being distributed under the disguise of ostensibly legitimate software, the sneaky trojan demands users to grant a number of device permissions. If such permissions are eventually given, the trojan will become capable of reading the device's screen and simulating fake log-in windows to bait users into entering their credentials. As mentioned, the main target of S.O.V.A. is banking information, which means it is likely the trojan will try to collect information from banking applications, cryptocurrency wallets, and other places related to finance. Due to the keylogging abilities, the trojan can record all the typed keystrokes and abuse them for stealing accounts or performing unauthorized money transactions. In addition, it was also observed that S.O.V.A. has access to managing SMS messages and displaying various pop-ups. Allowing such malware to operate for too long may indeed lead to severe privacy issues and potential loss of finance. On top of that, the S.O.V.A. banking trojan is still considered under development and is expected to acquire more features (performing DDoS attacks, operating as screen-locking ransomware, impeding 2FAs (Two-Factor Authentications), and so forth) in future updates. Thus, if you suspect your Android is under the affection of this or similar infection, follow our guidelines below to remove it and ensure further protection against such threats.

Cleaner Update is a browser-based scam that targets Android users. Many people have observed it on various deceptive websites that lure users into downloading, installing, or even buying unwanted software. Pages promoting this scam it is necessary to perform the required actions to continue watching online content in "safe mode". One version of the scam displayed a pop-up message saying "Please download the free Cleaner app from the Google Play to continue watching in safe mode". Cleaner Update may not be entitled to this message only - in theory, it can also write other text pop-ups depending on users' geolocation and browser activity. If you allow a download of software from such kind of website, it will most likely result in unwanted or even malicious infection. As a result, this can lead to unauthorized changes in system/browser settings, slower smartphone performance, increased number of ads, and other dubious modifications. Note that even some software available on legitimate platforms like Google Play can be malicious and carry trojans or other kinds of malware. If you become a victim of the Cleaner Update scam, we, therefore, advise you to follow our guidelines below and make sure your smartphone is safe. Also, if you know what program got installed via this scam, this knowledge will come in handy while performing the steps.

Also known as Exo Android Bot, Exobot is a dangerous and highly-disruptive piece of malicious software designed to infiltrate Android devices. Exobot is similar to functions carried out by many banking trojans. In essence, it settles within a system and performs a number of phishing actions aimed at extracting valuable information from users (e.g. bank card credentials; passwords, log-ins, and even identity information). It does so by accessing Accessibility Services and manipulating an infected device through WiFi or Mobile networks. Alternatively, if there is no internet connection available, Exobot, is also capable of performing device control through SMS messages, which expands its abuse potential. In order to trick users into entering their credentials, cybercriminals may create simulated layers of popular apps (Google Play; WhatsApp, Viber, etc.) that pop on the screen and hardly differ from authentic ones. Smartphone trojans are usually granted extensive permissions giving full freedom to threat actors on what they can do. This includes forced device locking, blocked access to certain applications, screen capture, SMS management, microphone, and camera manipulation along with other compromising features as well. Exobot is especially known for the botnet feature allowing developers to link a number of infected devices and control them together from the same server to execute malicious steps. In conclusion, malware like Exobot is very devastating as it may lead you to deal with serious privacy issues, financial risks, downgraded device performance, or even identity theft. Thus, we recommend you follow our guidelines below and get rid of this virus as soon as you are able to.