Security firm ThreatFabric has detected a new Android malware called Crocodilus that steals cryptocurrency wallet seed phrases by posing as legitimate crypto apps.
How Crocodilus Operates
Once installed, Crocodilus leverages Android Accessibility permissions to gain remote control of devices. It can capture data, navigate apps, and even bypass security measures to drain funds from unsuspecting users’ wallets.
Crocodilus Attack Methods
The malware’s primary method of attack is social engineering. Cybercriminals distribute Crocodilus through fake app stores, phishing links, and malicious downloads. After installation, it requests extensive permissions, granting hackers the ability to monitor activity and extract wallet credentials.
Protecting Yourself from Crocodilus
To safeguard your funds, follow these best practices: only install crypto apps from trusted platforms, verify app authenticity, limit permissions (especially Accessibility access), and use two-factor authentication and hardware wallets for added protection.
If you suspect your device may be compromised, immediately revoke app permissions, disconnect from the internet, and perform a factory reset. Consider using dedicated security apps for further protection.
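An added example (not from ThreatFabric or the original article) of the Accessibility review described above: a shell function that takes the output of two standard adb commands and lists enabled Accessibility services whose package was not installed by a trusted store. The package names in the sample data are constructed, and treating only com.android.vending (Google Play) as trusted is an assumption.

```shell
#!/bin/sh
# Inputs are the raw outputs of:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
# Assumption: only Google Play counts as a trusted installer; adjust as needed.
TRUSTED_INSTALLERS="com.android.vending"

# audit_accessibility <enabled_services> <pm_list_output>
# Prints "<package> <installer>" for each enabled Accessibility service
# whose installer is not in TRUSTED_INSTALLERS.
audit_accessibility() {
    # Strip carriage returns that some adb versions append to each line.
    services=$(printf '%s\n' "$1" | tr -d '\r')
    pm_list=$(printf '%s\n' "$2" | tr -d '\r')
    # The setting is a colon-separated list of "package/ServiceClass" entries.
    printf '%s\n' "$services" | tr ':' '\n' | while IFS= read -r comp; do
        [ -n "$comp" ] || continue
        [ "$comp" = "null" ] && continue      # "null" means nothing is enabled
        pkg=${comp%%/*}
        # Find the "package:<pkg>  installer=<name>" line for this package.
        installer=$(printf '%s\n' "$pm_list" |
            awk -v p="package:$pkg" '$1 == p { sub(/^installer=/, "", $2); print $2; exit }')
        [ -n "$installer" ] || installer="unknown"
        case " $TRUSTED_INSTALLERS " in
            *" $installer "*) ;;                         # trusted store: skip
            *) printf '%s %s\n' "$pkg" "$installer" ;;   # flag for review
        esac
    done
}

# Constructed sample data (not taken from a real device or from the article).
SAMPLE_SERVICES='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.walletupdate/.HelperService'
SAMPLE_PM_LIST='package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.walletupdate  installer=null
package:com.example.other  installer=com.android.vending'

audit_accessibility "$SAMPLE_SERVICES" "$SAMPLE_PM_LIST"
```

Pre-installed system services can also report installer=null, so treat the output as a list to review by hand rather than a verdict.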