201/68 Thursday, June 5, 2025
Cybersecurity experts are warning of a new malware strain called Crocodilus, which is rapidly spreading across Android devices globally. Initially detected in Turkey, Crocodilus disguises itself as fake banking apps, fake browser updates, and malicious ads to infect users. While early tests in March showed it targeting primarily Turkish Android users, the malware has since expanded to devices in Poland, Spain, South America, and parts of Asia-marking its evolution from a regional to a global threat.
Crocodilus now includes updated capabilities, such as creating fake contacts in the victim’s address book—likely for social engineering scams-and harvesting seed phrases used to generate private keys for cryptocurrency wallets. This allows it to automatically access sensitive crypto assets stored on infected Android devices.
Despite Google’s ongoing efforts to strengthen Android security-including removing over 2.36 million harmful apps via Google Play Protect last year-Crocodilus exemplifies how cybercriminals continue to adapt. The malware isn’t confined to one distribution method; it may come pre-installed on low-cost devices, or be delivered through malicious websites and phishing attachments.
Experts urge both users and organizations to stay vigilant and adopt proactive security measures, as sophisticated threats like Crocodilus continue to grow in complexity and reach.
Source https://www.darkreading.com/mobile-security/crocodilus-sharpens-teeth-android-users
