Crocodilus is a new type of malware targeting Android users, specifically those with crypto wallets. Discovered by ThreatFabric in March 2025, it uses overlays and social engineering to steal cryptocurrency assets. The malware is delivered primarily through fake apps, SMS scams, malicious advertising, and phishing attempts. Once installed, Crocodilus requests accessibility permissions to take control of the device, allowing it to display fake overlays that trick users into revealing their wallet information. Notably, it can execute numerous commands, including SMS takeover and remote device access. Signs of infection include suspicious app activity, increased battery drain, and data usage spikes. If compromised, users should isolate their devices, recover assets using seed phrases, and consider using a different device altogether. Preventative measures include safe browsing practices, using hardware wallets, and thoroughly checking app downloads. As cyber threats to cryptocurrencies are on the rise, vigilance is crucial for users of digital wallets.
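Because the malware depends on an enabled accessibility service and arrives through fake apps rather than a store, one practical check is to list which third-party packages hold an accessibility service and where they were installed from. The following is an added example, not code from the original page or from ThreatFabric; the package names in the sample data are constructed, and the set of trusted installers is an assumption to adjust per device fleet.

```python
import re

# Inputs are the text output of two standard adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i     (-3 = third-party only, -i = installer)
# Assumption: only Google Play counts as a trusted installer here.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_services(setting_value):
    """Split the colon-separated component list; 'null' or empty means none."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    services = []
    for component in value.split(":"):
        pkg, sep, cls = component.partition("/")
        if sep:  # ignore malformed entries without a package/class split
            services.append((pkg, cls))
    return services

def parse_installers(pm_output):
    """Map third-party package name -> installer package (or 'null')."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def flag_sideloaded_services(setting_value, pm_output, trusted=TRUSTED_INSTALLERS):
    """Return (package, service, installer) for enabled accessibility services
    that belong to third-party apps not installed by a trusted installer.
    Packages absent from the -3 listing are preinstalled and are skipped."""
    installers = parse_installers(pm_output)
    return [(pkg, cls, installers[pkg])
            for pkg, cls in parse_services(setting_value)
            if pkg in installers and installers[pkg] not in trusted]

# Constructed sample output (not captured from a real device).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.walletupdate/.HelperService")
SAMPLE_PM = ("package:com.example.walletupdate  installer=null\n"
             "package:com.example.notes  installer=com.android.vending\n")

if __name__ == "__main__":
    for pkg, cls, src in flag_sideloaded_services(SAMPLE_SERVICES, SAMPLE_PM):
        print(f"review: {pkg}{cls} (installer={src})")
```

A flagged entry is a prompt for review, not proof of infection: legitimately sideloaded accessibility tools will appear too.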
