Researchers have identified Crocodilus, a new Android banking malware targeting users mainly in Spain and Turkey. Unlike basic malware, Crocodilus is equipped with advanced features like remote control and sophisticated data harvesting. It masquerades as a Google Chrome app and bypasses Android 13+ restrictions. Upon installation, it requests accessibility services permission to monitor app launches and display overlays that trick users into revealing sensitive credentials. It poses a particular threat to cryptocurrency wallets by manipulating users with social engineering tactics to gain access to their seed phrases, ultimately aiming for financial theft.
Crocodilus enters the scene not as a simple clone, but as a fully fledged threat from the outset, equipped with modern techniques such as remote control, black-screen overlays, and advanced data harvesting via accessibility logging.
It runs continuously, monitoring app launches and displaying overlays to intercept credentials.
This social engineering trick is simply a ploy by the threat actors to lead victims to navigate to their seed phrases, which are then harvested by abusing the accessibility services.
The malware is designed to facilitate device takeover (DTO) and ultimately conduct fraudulent transactions.
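Because the chain described above hinges on an accessibility service being granted to an untrusted package, one practical fleet-side check is to audit the `enabled_accessibility_services` secure setting on each device and flag any service whose package is not on an allowlist. The script below is an added example, not code from the original report or from ThreatFabric; the allowlist contents and the sample setting value (including the Chrome-lookalike package name) are constructed assumptions for illustration. On a real device the value is read with `adb shell settings get secure enabled_accessibility_services`.

```shell
#!/bin/sh
# Audit Android's 'enabled_accessibility_services' secure setting and report
# services enabled by packages outside an allowlist.
# Real source of the value (not called here so the script runs offline):
#   adb shell settings get secure enabled_accessibility_services
# Format: colon-separated "package/ServiceClass" entries, or "null" if none.

# Assumption: packages expected to run an accessibility service in your fleet
# (e.g. an approved screen reader). Edit to match your environment.
ALLOWED_PKGS="com.google.android.marvin.talkback com.android.talkback"

# Constructed sample value: one legitimate screen reader plus a lookalike
# "chrome update" package that has been granted an accessibility service.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.chrome.update/com.example.chrome.update.AccService"

# flag_unexpected_a11y_services VALUE ALLOWLIST
# Prints one line per enabled service whose package is not in ALLOWLIST.
# Prints nothing for an empty or "null" value. Always returns 0.
flag_unexpected_a11y_services() {
    value="$1"
    allow="$2"
    if [ -z "$value" ] || [ "$value" = "null" ]; then
        return 0
    fi
    # Split the colon-separated list into one entry per line.
    echo "$value" | tr ':' '\n' | while IFS= read -r entry; do
        if [ -z "$entry" ]; then
            continue
        fi
        pkg="${entry%%/*}"          # package part before the '/'
        ok=0
        for a in $allow; do
            if [ "$pkg" = "$a" ]; then
                ok=1
            fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "$entry"
        fi
    done
    return 0
}

# Stand-alone usage on the constructed sample.
echo "Accessibility services enabled by non-allowlisted packages:"
flag_unexpected_a11y_services "$SAMPLE" "$ALLOWED_PKGS"
```

Any package this reports deserves a closer look: a banking or crypto-wallet user should have no accessibility service enabled for an app they did not knowingly install, and a package name imitating Chrome is exactly the pattern the report describes. The same loop can be fed the output of `adb shell settings get secure enabled_accessibility_services` across an enrolled fleet.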