Security experts have identified new malware named Crocodilus, which targets Android users and steals their funds. Threat Fabric, a cybersecurity firm, shared the update in a new report.
How Devices Get Infected
The malware bypasses Android 13’s security measures. Once installed, the user receives a prompt to grant access to the phone’s accessibility service. If granted, the malware connects to a remote server for further instructions. The malware monitors apps continuously and launches fake overlays to steal credentials when users open targeted banking or crypto apps. Crocodilus also mutes the device’s sound to avoid detection.
Who Is at Risk?
Threat Fabric’s research shows that Crocodilus has primarily targeted users in Turkey and Spain. However, experts believe the malware's reach will expand. The developers appear to have Turkish ties based on coding notes, and a hacker named Sybra or another cybercriminal might be behind it.
Implications and Recommendations
Threat Fabric warns that Crocodilus is highly advanced for newly discovered malware. Its ability to remotely take over devices and conduct silent attacks makes it a significant concern for crypto users. Experts urge users to stay alert and strengthen security systems.
The emergence of Crocodilus highlights the need for enhanced protection for Android users, especially those using cryptocurrency wallets. Users must be aware of threats and take preventive measures against data theft.
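Because the infection described above depends on the user granting accessibility access, one practical check is to review which apps currently hold an enabled accessibility service. The following is an added example, not code from Threat Fabric or the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and lists services that deserve a manual look. The allowlist, the trusted-installer set, and the sample package names are assumptions made for illustration.

```python
# Assumption: packages the device owner expects to hold accessibility access.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}
# Assumption: installers treated as trusted app stores.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(raw):
    """Parse the colon-separated `package/class` list from the settings value."""
    raw = raw.strip()
    if not raw or raw == "null":  # nothing enabled
        return []
    services = []
    for component in raw.split(":"):
        package, _, cls = component.partition("/")
        if cls.startswith("."):  # short class names are relative to the package
            cls = package + cls
        services.append((package, cls))
    return services

def parse_installers(raw):
    """Parse `pm list packages -i` lines: `package:<name>  installer=<name>`."""
    installers = {}
    for line in raw.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0].startswith("package:"):
            installers[fields[0][len("package:"):]] = fields[1].partition("=")[2]
    return installers

def audit(services_raw, installers_raw):
    """Return (package, class, reason) for each service that needs review."""
    installers = parse_installers(installers_raw)
    findings = []
    for package, cls in parse_enabled_services(services_raw):
        if package in ALLOWED_PACKAGES:
            continue
        source = installers.get(package, "unknown")
        reason = "not allowlisted"
        if source not in TRUSTED_INSTALLERS:  # e.g. sideloaded, installer=null
            reason += f", installer={source}"
        findings.append((package, cls, reason))
    return findings

# Constructed sample output, not captured from a real device.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.updater/.HelperService")
SAMPLE_INSTALLERS = (
    "package:com.google.android.marvin.talkback  installer=com.android.vending\n"
    "package:com.example.updater  installer=null\n")

if __name__ == "__main__":
    print(audit(SAMPLE_SERVICES, SAMPLE_INSTALLERS))
```

A finding is a prompt for review rather than proof of infection, since legitimate apps such as password managers and screen readers also use accessibility services.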