A newly identified Android banking malware named Crocodilus is making waves in the cybersecurity world, with experts warning about its advanced capabilities and targeted attacks in Spain and Turkey. Discovered by Dutch mobile security firm ThreatFabric, the malware represents a major leap in sophistication, emerging not as a prototype but as a fully-developed threat capable of device takeover, remote control, and stealth data harvesting through accessibility services.
Unlike many early-stage banking trojans, Crocodilus comes armed with a broad range of functionalities from its inception. Masquerading as Google Chrome via a misleading package name (“quizzical.washbowl.calamity”), the malware bypasses Android 13+ restrictions and initiates its attack by requesting accessibility permissions. Once granted, it connects to a command-and-control (C2) server to receive a list of targeted financial applications and corresponding HTML overlays to steal login credentials.
The malware also targets cryptocurrency users with a unique social engineering strategy. Instead of spoofing wallet login pages, it pushes alarming messages urging users to back up their seed phrases within 12 hours or risk losing access. This manipulative tactic prompts victims to expose their seed phrases, which are then harvested via accessibility logging—giving attackers full access to the wallets.
Crocodilus operates continuously in the background, monitor
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: