Crypto Under Attack: Crocodilus Malware Targets Android Users

A newly discovered Android malware, dubbed “Crocodilus,” has been found to trick users into providing their cryptocurrency wallet seed phrases. This malware is particularly concerning, as it integrates social engineering tactics to deceive victims into giving away sensitive information.

Contents

ALSO READ: Now Open: Pan-India Registration for Fraud Investigators!Key Features of Crocodilus:Targeted Countries and Apps:Empanelment for Speakers, Trainers, and Cyber Security Experts Opens at Future Crime Research Foundation

Crocodilus is distributed through a proprietary dropper that bypasses Android 13’s security protections. Once installed, the malware requests access to the device’s Accessibility Service, which allows it to unlock screen content, perform navigation gestures, and monitor app launches. The malware uses a screen overlay to warn users to “back up their wallet key in the settings within 12 hours” or risk losing access to their wallet. This social engineering trick guides the victim to navigate to their seed phrase, allowing Crocodilus to harvest the text using its Accessibility Logger.

ALSO READ: Now Open: Pan-India Registration for Fraud Investigators!

Key Features of Crocodilus:

– Remote Access Trojan (RAT) Functionality: Allows operators to tap on the screen, navigate the user interface, perform swipe gestures, and more.
– Black Screen Overlay: Hides malicious activity from the victim and makes it appear as if the device is locked.
– Accessibility Logger: Harvests sensitive information, including seed phrases and one-time password codes.
– Bot Component: Supports 23 commands, including enabling call forwarding, launching specific applications, and sending SMS messages.

Targeted Countries and Apps:

Crocodilus has been observed targeting users in Turkey and Spain, including bank accounts from these countries. The malware is believed to be of Turkish origin.