ThreatFabric has discovered new Android malware called Crocodilus, which uses screen overlays to deceive users and steal their crypto wallet seed phrases.
Features of Crocodilus
Crocodilus is a new type of malware for Android that has all the elements of modern banking fraud. It uses screen overlays to deceive users into providing critical data such as passwords and wallet seed phrases. Once hackers have this data, they can fully control the wallet and drain its contents.
How the Malware Works
The initial infection occurs through an inadvertent software download that bypasses the security features of Android 13. After installation, Crocodilus requests access to the accessibility service, which gives hackers control of the device. It then triggers overlays to intercept user credentials and mutes the sound while it takes command of the targeted app.
Current Situation and Potential Threat
The malware targets users in Turkey and Spain but is likely to expand its reach, according to ThreatFabric. Its developers, potentially Turkish-speaking, continue to improve Crocodilus, making its attacks more sophisticated. This signals growing complexity in attacks and should urge states and users to strengthen their cybersecurity measures.
The emergence of Crocodilus underlines the need for heightened awareness of new forms of threat and the importance of stronger cybersecurity measures for Android users.