CyberSecurity news
rohansinhacyblecom@cyble.com
A new Android malware named Crocodilus has been discovered targeting cryptocurrency users, primarily in Spain and Turkey. Cybersecurity researchers have found that Crocodilus employs sophisticated techniques, including remote control capabilities, black screen overlays, and advanced data harvesting through accessibility logging. The malware is designed to steal banking and cryptocurrency credentials, posing a significant threat to Android users in these regions.
Crocodilus tricks users into divulging their cryptocurrency wallet seed phrases by displaying a fake warning urging them to back up their keys to avoid losing access; when the victim opens the wallet's recovery phrase to do so, the malware's accessibility logger captures the text on screen. The same accessibility abuse lets it monitor app launches, draw overlays to intercept credentials, and capture screen contents, including Google Authenticator OTP codes. With the seed phrase and the second factor in hand, attackers gain full control of the wallet and drain its assets. The malware additionally supports call and SMS control, device admin and persistence, social engineering prompts, and remote commands with updatable settings.
ThreatFabric researchers note that Crocodilus exhibits a high level of maturity for a newly discovered threat, demonstrating advanced device takeover capabilities. The malware is distributed via a proprietary dropper that bypasses the Android 13 security protections on sideloaded apps and installs the malware without triggering Play Protect. Analysis of the source code suggests that the malware author is Turkish-speaking.
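Because every capability described above (app-launch monitoring, overlays, screen capture) hinges on the malware holding the accessibility service privilege, the quickest triage check on a suspect device is to list which services currently have that privilege and compare them against what you expect. The following shell snippet is an added example for this page, not code from the cited researchers or from any of the linked articles; the `adb` command it wraps is real, while `flag_unexpected_a11y`, the package names in the constructed sample, and the allowlist are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the page or the researchers it cites).
# On a device with USB debugging enabled, this command prints the services
# that currently hold the accessibility privilege Crocodilus is described
# as abusing, as a colon-separated list of "package/ServiceClass" entries:
#   adb shell settings get secure enabled_accessibility_services
# flag_unexpected_a11y takes that string plus a space-separated allowlist of
# package names and prints every entry whose package is not on the list.

flag_unexpected_a11y() {
    services="$1"      # value of enabled_accessibility_services
    allowlist="$2"     # space-separated package names you expect to see
    # "settings get" prints the literal string "null" when nothing is set.
    if [ "$services" = "null" ]; then
        return 0
    fi
    printf '%s\n' "$services" | tr ':' '\n' | while IFS= read -r entry; do
        if [ -z "$entry" ]; then
            continue
        fi
        pkg="${entry%%/*}"          # package name precedes the first '/'
        allowed=0
        for a in $allowlist; do
            if [ "$a" = "$pkg" ]; then
                allowed=1
                break
            fi
        done
        if [ "$allowed" -eq 0 ]; then
            printf '%s\n' "$entry"  # unexpected service: investigate
        fi
    done
    return 0
}

# Constructed sample (hypothetical package names): the legitimate TalkBack
# screen reader next to a sideloaded app with an innocuous-sounding name,
# the kind of thing a dropper would install.
SAMPLE_SERVICES='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.backup/.AccessService'
SAMPLE_ALLOWLIST='com.google.android.marvin.talkback'

# Live use on a connected device:
#   flag_unexpected_a11y "$(adb shell settings get secure enabled_accessibility_services)" "$SAMPLE_ALLOWLIST"
flag_unexpected_a11y "$SAMPLE_SERVICES" "$SAMPLE_ALLOWLIST"
```

An entry from a package you did not install (or one that also shows up under `adb shell dpm list-owners` or as a device admin) is the signal to pull the APK with `adb pull` for analysis and revoke the service in Settings before the device is used for banking again.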
References :
- BleepingComputer: A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access.
- securityaffairs.com: Experts warn of the new sophisticated Crocodilus mobile banking Trojan
- thehackernews.com: Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey.
- www.scworld.com: Advanced Crocodilus Android trojan emerges. Widely known cryptocurrency wallets, as well as banks in Spain and Turkey, have already been targeted in attacks involving the novel sophisticated Crocodilus Android trojan, which combines bot and remote access trojan capabilities to facilitate banking and cryptocurrency credential compromise, according to Security Affairs.
- Blog: New Crocodilus malware snaps up crypto wallets
- The420.in: Crypto Under Attack: Crocodilus Malware Targets Android Users
- securityonline.info: Android Under Attack: Crocodilus Trojan Captures OTPs from Google Authenticator
- www.cysecurity.news: New Android Banking Trojan 'Crocodilus' Emerges as Sophisticated Threat in Spain and Turkey
Classification:
- HashTags: #AndroidMalware #Crocodilus #CryptoTheft
- Target: Cryptocurrency Users in Spain and Turkey
- Attacker: Crocodilus
- Product: Android
- Feature: Crypto Wallet Theft
- Malware: Crocodilus
- Type: Malware
- Severity: Major