New Android Malware ‘Crocodilus’ is Snapping Up Crypto Funds
The post New Android Malware ‘Crocodilus’ is Snapping Up Crypto Funds appeared on BitcoinEthereumNews.com.
The Crocodilus malware is employing social engineering tactics and accessibility features to steal cryptocurrency wallet credentials, primarily targeting Android users in Spain and Turkey.

New Threat Targeting Android Users

A newly identified malware named “Crocodilus” has been discovered targeting cryptocurrency wallets on Android devices. Uncovered by cybersecurity firm ThreatFabric, the banking trojan utilizes advanced social engineering tactics and accessibility logging to extract sensitive user data. The malware is distributed through malicious websites, social media, fake promotions, text messages, and third-party app stores, putting Android users at risk.

How Crocodilus Operates

Crocodilus disguises itself as a legitimate crypto-related application to deceive users. Once installed, it requests Accessibility Services permissions, which enable it to bypass security restrictions on Android 13 and later versions. With these permissions, the malware can remotely control infected devices, record keystrokes, and display fake overlays to steal user credentials.

After installation, Crocodilus connects to a command-and-control (C&C) server, receiving instructions on which applications to target. It continuously monitors user activity, capturing accessibility events to log text input and take screenshots. Notably, it can exploit Google Authenticator, allowing attackers to access two-factor authentication (2FA) codes.

Social Engineering Tactics

One of Crocodilus’ most dangerous features is its ability to manipulate users into revealing their cryptocurrency wallet seed phrases. It does this by displaying a deceptive warning message stating: “Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet.” This trick coerces victims into voluntarily entering their seed phrases, which are then captured by the malware and transmitted to the attackers.

Remote Access Capabilities

Crocodilus functions as a remote access trojan (RAT), allowing cybercriminals to interact with infected devices in real time. Operators can navigate the user interface, swipe using gesture controls, and take screenshots. A…
Filed under: News - @ April 2, 2025 11:29 am