BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Crocodilus Android Trojan Spreads Globally, Gains New Features

Crocodilus Android Banking Trojan Spreads Globally with Advanced Evasion and Credential Theft Techniques

  • A new Android banking trojan called Crocodilus is targeting users in Europe and South America.
  • Crocodilus spreads through fake apps and online ads, and uses advanced techniques to avoid detection.
  • The Malware can steal banking credentials, capture cryptocurrency wallet seed phrases, and create fake contacts.
  • Attackers use Facebook ads and mimic real apps or services to trick users into downloading the malware.
  • Crocodilus campaigns have expanded beyond Spain and Turkey to include countries like Poland, Brazil, Argentina, India, Indonesia, and the United States.

A new wave of cyber attacks is using the Crocodilus banking trojan to target Android users across several countries, according to a report released by ThreatFabric. The malware, which first appeared in March 2025, is now active in Europe and South America, and has added new features to evade security measures.

- Advertisement -

Crocodilus disguises itself as trusted apps such as Google Chrome and uses fake advertisements—especially on Facebook—to reach potential victims. In Poland, for example, scammers spread the malware by posing as banks and e-commerce platforms, offering “bonus points” that prompt users to download a malicious app. If the user installs it, Crocodilus is deployed on their device.

Once installed, Crocodilus can launch “overlay attacks” on a list of banking applications. An overlay attack is when malware displays a fake login page over a real banking app to steal user credentials. ThreatFabric also reports that the trojan exploits Android’s accessibility settings to capture cryptocurrency wallet seed phrases and private keys, putting digital assets at risk.

Recent versions of Crocodilus can create a new contact on a victim’s device with a convincing name, such as “Bank Support.” If attackers use this feature, they can call victims and bypass anti-fraud warnings that appear during unknown number interactions. According to ThreatFabric, “We believe the intent is to add a phone number under a convincing name such as ‘Bank Support,’ allowing the attacker to call the victim while appearing legitimate. This could also bypass fraud prevention measures that flag unknown numbers.”

The malware now reaches more countries, including Spain, Turkey, Argentina, Brazil, India, Indonesia, and the United States. It continues to update its code to block security analysis and reverse engineering. ThreatFabric notes that Crocodilus campaigns are evolving and spreading, which makes them a growing concern for Android users worldwide (more details here).

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

LINE NEXT launches global stablecoin platform Unifi

LINE NEXT has launched Unifi, a non-custodial stablecoin platform, now available globally as it...

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

Must Read

How to Buy VPN With Bitcoin Using CyberGhost VPN

In this step-by-step guide, you will learn how to purchase a VPN (Virtual Private Network) subscription using Bitcoin, a popular cryptocurrency, and CyberGhost VPN,...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading