Android malware ‘Crocodilus’ can take over phones to steal crypto
ThreatFabric reports the discovery of 'Crocodilus', a new Android malware targeting cryptocurrency and banking applications. When a victim opens a targeted app, a deceptive overlay appears, tricking the user into revealing their crypto seed phrase under the guise of a warning to back up their wallet. If the user complies, the malware harvests the sensitive information, allowing attackers to gain full control of the wallet and completely drain it. Crocodilus incorporates features typical of modern banking malware, including screen capture for data harvesting and remote device control. Infection occurs through other software that circumvents Android 13 security protections. Once installed and granted access to accessibility services, Crocodilus connects to a command-and-control server to receive instructions on which apps to target. Initial findings indicate that the malware has been found predominantly in countries like Italy and Spain, and there are suggestions that its developers may be Turkish. The emergence of Crocodilus reflects the growing sophistication of mobile malware threats, which leverage serious device takeover capabilities to commit fraud without detection.