EddieJayonCrypto
2 Apr 25
A new strain of malware dubbed "Crocodilus" is targeting mobile banking apps and crypto wallets on Android phones. It employs remote control, black screen overlays, and advanced data harvesting. It uses a dropper to bypass Android restrictions, asks victims to enable the Accessibility Service, and then uses overlays to deceive them into disclosing their credentials.
ThreatFabric, a fraud prevention firm, highlights that "Crocodilus" primarily targets Spain and Turkey, along with several cryptocurrency wallets, with the potential to expand globally. The malware features a keylogger that monitors all Accessibility events and captures displayed elements, allowing it to effectively log all text changes performed by a victim. When victims input their PINs or passwords, the malware prompts them to back up their wallet key within 12 hours, enabling it to steal the seed phrases.
ThreatFabric notes that the deceptive message displayed by "Crocodilus" to steal seed phrases from crypto wallets is designed to convince victims to navigate to their seed phrases, which the malware then steals using its accessibility logger.
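An added defensive check, not from the original post or from ThreatFabric: because the chain described above depends on a dropper-installed app getting an Accessibility Service enabled, this script cross-references the output of `adb shell settings get secure enabled_accessibility_services` with `adb shell pm list packages -i` and flags services whose package did not come from a trusted store. The sample output, the package names in it, and the `TRUSTED_INSTALLERS` policy are constructed assumptions.

```python
import re

# Assumption: only Google Play counts as a trusted installer; adjust per fleet policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility(setting):
    """Parse the colon-separated ComponentNames (package/class) from
    `settings get secure enabled_accessibility_services`."""
    services = []
    for comp in setting.strip().split(":"):
        if not comp or comp == "null":   # "null" is printed when nothing is enabled
            continue
        pkg, _, cls = comp.partition("/")
        services.append((pkg, cls))
    return services

def parse_installers(listing):
    """Parse `pm list packages -i` lines: package:<name>  installer=<name>."""
    installers = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def flag_services(setting, listing, system_pkgs=frozenset()):
    """Return (package, class, installer) for each enabled accessibility
    service that is neither preinstalled nor installed by a trusted store."""
    installers = parse_installers(listing)
    findings = []
    for pkg, cls in parse_accessibility(setting):
        installer = installers.get(pkg, "unknown")
        if pkg not in system_pkgs and installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, cls, installer))
    return findings

# Constructed sample output (not captured from a real device).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.updater/.HelperService")
SAMPLE_LISTING = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.bank  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, cls, installer in flag_services(SAMPLE_SETTING, SAMPLE_LISTING):
        print(f"REVIEW: {pkg}{cls} holds Accessibility access (installer={installer})")
```

Pass the package names from `pm list packages -s` as `system_pkgs` so preinstalled accessibility services, which also report `installer=null`, are not flagged.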