Strange Loop Conference | "Unmasking the Godfather - Reverse Engineering the Latest Android Banking Trojan" by Laurie Kirk @StrangeLoopConf | Uploaded October 2023 | Updated October 2024, 1 week ago.
Banking malware has wreaked havoc on millions of Android users over the last few years, employing advanced stealth techniques to evade detection. During this presentation, I will reverse engineer the Java code of the pervasive Godfather Android banking malware demonstrating how to recognize its modern devious tactics. The Godfather malware surfaced towards the end of 2022 as another family dedicated to stealing banking data and funds from victims. Initial infection spawns from abuse of core Android system services and accomplish their theft by spying on infected devices, exfiltrating data, or performing remote device commands. Some banking trojans even generate fake HTML overlays designed to trick users into willingly entering credentials. But don’t worry, I’m not just here to scare you! By the end of this talk, you will thoroughly understand the Godfather’s deceptive functionality and likely think twice before granting an application extra permissions.
Laurie Kirk
Reverse Engineer at Microsoft
@lauriewired
I currently work as a Security Researcher at Microsoft in incident response. I specialize in cross-platform malware analysis with a focus on mobile threats. I also run a YouTube channel (@LaurieWired) that covers all sorts of in-depth Malware Analysis, Reverse-Engineering, Exploitation and security topics. youtube.com/@lauriewired I worked as a Software Engineer for an aerospace company before finding my current calling in Cyber Security. I received my Bachelor's Degree from Florida State University in Computer Science with a minor in Math. There, I dove into learning computer architecture, algorithms, and my favorite, low-level programming.
----
Recorded Sept 22, 2023 at Strange Loop 2023 in St. Louis, MO.
thestrangeloop.com
Banking malware has wreaked havoc on millions of Android users over the last few years, employing advanced stealth techniques to evade detection. During this presentation, I will reverse engineer the Java code of the pervasive Godfather Android banking malware demonstrating how to recognize its modern devious tactics. The Godfather malware surfaced towards the end of 2022 as another family dedicated to stealing banking data and funds from victims. Initial infection spawns from abuse of core Android system services and accomplish their theft by spying on infected devices, exfiltrating data, or performing remote device commands. Some banking trojans even generate fake HTML overlays designed to trick users into willingly entering credentials. But don’t worry, I’m not just here to scare you! By the end of this talk, you will thoroughly understand the Godfather’s deceptive functionality and likely think twice before granting an application extra permissions.
Laurie Kirk
Reverse Engineer at Microsoft
@lauriewired
I currently work as a Security Researcher at Microsoft in incident response. I specialize in cross-platform malware analysis with a focus on mobile threats. I also run a YouTube channel (@LaurieWired) that covers all sorts of in-depth Malware Analysis, Reverse-Engineering, Exploitation and security topics. youtube.com/@lauriewired I worked as a Software Engineer for an aerospace company before finding my current calling in Cyber Security. I received my Bachelor's Degree from Florida State University in Computer Science with a minor in Math. There, I dove into learning computer architecture, algorithms, and my favorite, low-level programming.
----
Recorded Sept 22, 2023 at Strange Loop 2023 in St. Louis, MO.
thestrangeloop.com
