Loading cryptocurrency prices...

‘Crocodilus’ Malware Steals Crypto by Tricking Android Wallet Users

  • “Crocodilus” Malware targets cryptocurrency wallets on Android devices, tricking users into revealing their seed phrases.
  • The malware operates stealthily with remote access capabilities, black screen overlays, and can bypass Android 13+ security protections.
  • Currently affecting users in Spain and Turkey, but distribution methods suggest potential for wider spread.

A sophisticated new malware named “Crocodilus” is actively targeting cryptocurrency wallets on Android devices, security researchers revealed this week. The trojan uses deceptive techniques to convince users to surrender their wallet seed phrases, potentially giving attackers complete access to victims’ digital assets.

- Advertisement -

ThreatFabric, a fraud prevention company, uncovered the threat, which disguises itself as legitimate cryptocurrency applications. The malware specifically targets crypto wallet users through tailored social engineering techniques.

“Crocodilus is masquerading as crypto-related apps and involves specific social engineering techniques to make victims reveal the secrets stored inside cryptocurrency wallet applications,” explained Aleksandar Eremin, head of mobile threat intelligence at ThreatFabric. He noted that this indicates the “specific interest of the actors behind it in targeting users of cryptocurrency wallets.”

The malware’s primary deception involves displaying a fraudulent warning message that creates urgency: “Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet.” This tactic manipulates users into entering their seed phrase, which attackers can then capture.

What makes Crocodilus particularly dangerous is its distribution method. It deploys through a proprietary dropper that can circumvent security protections on Android 13 or later versions. Once installed, the malware requests Accessibility Service permissions, allowing it to bypass restrictions and deploy screen overlays to harvest passwords.

- Advertisement -

Beyond seed phrase theft, Crocodilus functions as a remote access trojan (RAT), giving operators comprehensive control over the victim’s device. Attackers can navigate the interface, use gesture controls, and capture screenshots—all while employing a black screen overlay that keeps these activities hidden from the device owner. This capability even allows attackers to access two-factor authentication passcodes through applications like Google Authenticator.

Currently, researchers have identified victims primarily in Spain and Turkey. The malware’s debug language appears to be Turkish, suggesting possible geographic origins. However, the varied distribution channels—including malicious websites, social media, fake promotions, text messages and third-party app stores—indicate potential for wider spread.

Android users can protect themselves by exercising caution: only download applications from the official Google Play Store and avoid installing APK files from third-party sources.

Despite being new to the threat landscape, security experts are concerned about Crocodilus’s potential. “Despite being a newcomer to the mobile threat landscape,” Eremin told Decrypt, the malware’s “rich set of capabilities” could position it as a competitor to established malware-as-a-service offerings on underground markets.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Gold Prices Fall Under $4,000: Should Concern Be Rising?

Gold prices dropped nearly 3% this week due to investor sell-offs and profit-taking.The XAU/USD...

Cathie Wood Denies AI Bubble, Warns of Reality Check on Valuations

Cathie Wood rejects the idea that Artificial Intelligence (AI) is in an investment bubble. She...

Bitcoin Must Hold $114K Support to Confirm Recovery and Rally

Bitcoin's price needs to maintain support at $114,000 to confirm its recovery.Trading volume and...

Hedera Soars Following ETF Launch Approval: What Comes Next?

Hedera (HBAR) has surged significantly following confirmation of its ETF launch.HBAR rose 11.1% in...

Bitcoin Dips as Fed, Xi-Trump Meeting Loom; New Crypto ETFs Launch

Major cryptocurrencies, including Bitcoin, Ethereum, and BNB, declined...
- Advertisement -

Must Read

The 10 Best Crypto Podcasts You Can’t Miss

Table of ContentsBest Cryptocurrency Podcasts To Add To Your Playing List1. The Money Movement2. The Crypto Conversation3. The Pomp Podcast4. What Bitcoin Did5. The...