Welcome to a deep-dive analysis of the notorious Godfather Android banking trojan. This repository contains notes, slides, and code related to my Strange Loop 2023 talk "Unmasking the Godfather".
In this presentation, I provide a reverse-engineering walkthrough to demystify one of the most current threats in the mobile banking industry.
If you'd like to follow the session interactively, ensure you have these tools installed and their respective source code downloaded:
- JADX - Java Decompiler/Disassembler for Android. Available here.
- Ghidra - C/C++ Decompiler/Disassembler. Available here.
- Docker-Android - A reliable Android emulator. Available here.
- Recaf - An emerging Java bytecode editor. Available here.
The slides accompanying the talk can be found in the repository at the following link:
My fully marked up Godfather Sample can be found at the following link:
Additional references to supplement the content of this talk:
- Comprehensive Anubis Banker Analysis (Work-in-Progress)
- How to Hook Android Methods with Frida
- Guide to Running an Android ARM Emulator
Explore and analyze these real-world samples of the Godfather and other Android banking trojans:
Access the complete Android Anubis source code here.
Archive Password: infected