Cyber Briefing: 2025.06.20
Godfather hijacks apps via virtualization, Amatera evades EDR, Winos 4.0 hits Taiwan. 16B credentials leaked, China hits Viasat, Tonga health system hit, UK data law stirs EU concern, $225M crypto bust
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. New Godfather Trojan Hijacks Banking Apps
A new version of the Godfather Android banking trojan is using on-device virtualization to create isolated environments where it can hijack legitimate financial apps to steal data and manipulate transactions. The malware, analyzed by Zimperium, installs a host application containing a virtualization framework and then runs a copy of a targeted banking or crypto app within its controlled sandbox. When a user tries to open their real financial app, they are unknowingly redirected to the virtualized instance, allowing the malware to record credentials, PINs, and trigger fraudulent payments. This sophisticated technique, which targets over 500 applications globally, represents a significant evolution in mobile malware, moving beyond simple screen overlays to full in-app spying.
2. New Amatera Stealer Delivered By ClearFake
Cybersecurity firm Proofpoint has identified Amatera Stealer, a rebranded and significantly enhanced version of the ACR Stealer, which is being actively sold as a Malware-as-a-Service on underground forums. The infostealer is primarily distributed through sophisticated web injection campaigns like ClearFake, which use social engineering tactics such as fake CAPTCHA pages to trick users into running malicious code. Amatera employs advanced evasion techniques to bypass security tools, including the use of NTSockets to hide its C2 communication and WoW64 Syscalls to evade EDR hooks. This malware poses a significant threat as it can steal a wide array of data from browsers and crypto wallets, and its continuous evolution challenges modern cybersecurity defenses.
3. Winos 4.0 Malware Hits Taiwan Via Tax Phish
A sophisticated malware campaign has been targeting organizations across Taiwan since January 2025 with a new malware strain known as Winos 4.0. The attack begins with phishing emails that impersonate Taiwan’s National Taxation Bureau, using malicious attachments to trick recipients into downloading the payload. Once executed, the multi-stage malware establishes persistence through registry manipulation and uses evasion tactics such as DLL sideloading to hide its presence. Winos 4.0 also features a complex privilege escalation process to ultimately gain maximum system control for data theft and further exploitation of the network.
💥 Cyber Incidents
4. Massive Leak Exposes 16 Billion Credentials
Cybersecurity researchers have uncovered one of the largest data breaches in history, a collection totaling a staggering 16 billion login credentials. This massive trove of data was not from a single company hack but was compiled from 30 different datasets originating from infostealer malware. The fresh, weaponizable intelligence provides criminals with a "blueprint for mass exploitation," enabling widespread account takeovers and identity theft. The exposed credentials reportedly cover a vast range of online services, including major tech platforms, social media, and even government portals.
5. Chinese Spies Target Satellite Giant Viasat
Satellite communications provider Viasat was identified as the latest victim of the Chinese state-sponsored cyber-espionage group known as Salt Typhoon. The security breach was part of a wider campaign that also compromised other major American telecommunications firms and critical infrastructure. Following an investigation, Viasat stated the incident has been remediated and reported no evidence of any impact on its customers. Despite these assurances, federal officials caution that the sophisticated hacking group could still linger undetected within compromised networks.
6. Tonga Health System Down After Ransomware
Tonga's National Health Information System has been shut down following a significant ransomware attack which encrypted the nation's health records. The hackers are demanding a monetary payment, prompting Tongan officials to seek external assistance to manage the major crisis. As a result of the breach, healthcare staff have reverted to manual operations while the accessibility of patient data remains unknown. An expert cybersecurity team from Australia has since arrived in the country to help investigate the incident and restore the system.
📢 Cyber News
7. UK Data Law Risks EU Adequacy Deal
The United Kingdom's Data Use and Access Bill has officially become law, modifying the European data protection rules the country retained after Brexit. This new legislation relaxes some data processing rules for national security purposes while significantly increasing fines for direct marketing violations. The British government claims these changes will boost the national economy and foster innovation across many different sectors. However, the new law creates uncertainty over whether the European Union will continue to find the UK's standards adequate for seamless data transfers.
8. US Seizes $225M In Record Crypto Bust
The U.S. Department of Justice has seized over $225 million in cryptocurrency, marking the largest such seizure in the history of the U.S. Secret Service. The funds were traced to a sophisticated money laundering network that was used to obscure the proceeds of investment fraud targeting over 400 victims. Using advanced blockchain analysis and with assistance from private partners like Tether, investigators successfully mapped the complex flow of stolen money. The assets were recovered through civil forfeiture and the next step in the process is to identify victims for restitution.
9. Argentina Busts Russian Disinformation Ring
Argentina's intelligence service has reportedly uncovered a group of suspected Russian spies accused of running extensive disinformation campaigns. The group is allegedly part of an organization called “The Company”, which is linked to Project Lakhta, a known Russian interference operation. According to an Argentine official, their goal was to spread pro-Moscow propaganda, influence local groups and gather political intelligence. The Argentine government has firmly stated that the country will not be subjected to the influence of any foreign nation.
💡 Cyber Tip
Avoid APKs as Godfather Trojan Clones Banking Apps to Steal Data
A dangerous new version of the Godfather Android malware is now using on-device virtualization to trick users into entering sensitive banking details. Instead of using fake overlays, the malware runs real copies of banking or crypto apps inside a virtual sandbox, making it nearly impossible to detect. Victims think they’re using their actual apps, but every tap, PIN, and password is secretly recorded and abused for financial theft.
✅ What you should do:
Only download apps from Google Play or verified publishers, and avoid APKs from unknown sources.
Check app permissions carefully before and after installing. Malware often asks for Accessibility or Overlay access.
Disable Developer Options on your phone unless absolutely needed, as this reduces the risk of hidden frameworks being used.
Regularly review your installed apps for anything unfamiliar or suspicious-looking.
Use a mobile antivirus or security app that can detect virtualization-based malware techniques.
🔒 Why this matters:
This attack shows that even strong two-factor protection can be bypassed if attackers fool you into granting trust. Staying cautious with App Passwords is essential to keeping your account safe.
📚 Cyber Review
Join us for a powerful edition of Cyber Review, featuring Phil Ferraro, veteran cybersecurity executive and author of the essential guide Cybersecurity: Everything You, Your Family, And Every Small Business Owner Needs to Know. As a seasoned cybersecurity leader and author, Ferraro delivers a timely, no-nonsense roadmap for navigating today’s digital risks. In this practical session, we talk about the everyday cybersecurity challenges faced by individuals, families, and small business owners.
From safeguarding personal data to avoiding common traps set by cybercriminals, Phil shares real-world scenarios, expert advice, and clear, actionable steps that anyone, regardless of technical background, can take to stay secure. Whether you're a parent, entrepreneur, or simply trying to protect your digital life, this is one conversation you won’t want to miss. Learn how to build a security-first mindset in a hyper-connected world.
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.