‘Crocodilus’ Malware Steals Crypto by Tricking Android Wallet Users

  • “Crocodilus” Malware targets cryptocurrency wallets on Android devices, tricking users into revealing their seed phrases.
  • The malware operates stealthily with remote access capabilities, black screen overlays, and can bypass Android 13+ security protections.
  • Currently affecting users in Spain and Turkey, but distribution methods suggest potential for wider spread.

A sophisticated new malware named “Crocodilus” is actively targeting cryptocurrency wallets on Android devices, security researchers revealed this week. The trojan uses deceptive techniques to convince users to surrender their wallet seed phrases, potentially giving attackers complete access to victims’ digital assets.

- Advertisement -

ThreatFabric, a fraud prevention company, uncovered the threat, which disguises itself as legitimate cryptocurrency applications. The malware specifically targets crypto wallet users through tailored social engineering techniques.

“Crocodilus is masquerading as crypto-related apps and involves specific social engineering techniques to make victims reveal the secrets stored inside cryptocurrency wallet applications,” explained Aleksandar Eremin, head of mobile threat intelligence at ThreatFabric. He noted that this indicates the “specific interest of the actors behind it in targeting users of cryptocurrency wallets.”

The malware’s primary deception involves displaying a fraudulent warning message that creates urgency: “Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet.” This tactic manipulates users into entering their seed phrase, which attackers can then capture.

What makes Crocodilus particularly dangerous is its distribution method. It deploys through a proprietary dropper that can circumvent security protections on Android 13 or later versions. Once installed, the malware requests Accessibility Service permissions, allowing it to bypass restrictions and deploy screen overlays to harvest passwords.

Beyond seed phrase theft, Crocodilus functions as a remote access trojan (RAT), giving operators comprehensive control over the victim’s device. Attackers can navigate the interface, use gesture controls, and capture screenshots—all while employing a black screen overlay that keeps these activities hidden from the device owner. This capability even allows attackers to access two-factor authentication passcodes through applications like Google Authenticator.

Currently, researchers have identified victims primarily in Spain and Turkey. The malware’s debug language appears to be Turkish, suggesting possible geographic origins. However, the varied distribution channels—including malicious websites, social media, fake promotions, text messages and third-party app stores—indicate potential for wider spread.

- Advertisement -

Android users can protect themselves by exercising caution: only download applications from the official Google Play Store and avoid installing APK files from third-party sources.

Despite being new to the threat landscape, security experts are concerned about Crocodilus’s potential. “Despite being a newcomer to the mobile threat landscape,” Eremin told Decrypt, the malware’s “rich set of capabilities” could position it as a competitor to established malware-as-a-service offerings on underground markets.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest

Hedera Urges Dynamic Gas Estimation to Prevent dApp Failures

Hardcoded gas limits in smart contracts can cause transaction failures as network conditions or contract logic change.Dynamic gas estimation improves reliability, using tools like...

BitMEX Foils Lazarus Group’s “Unsophisticated” Phishing Attack

Bitmex stopped a phishing attempt by the North Korea-linked Lazarus Group targeting its staff for a crypto scam.The attacker used social engineering on LinkedIn,...

CoinFerenceX Dubai 2025: Where Decentralization Took the Main Stage

What happens when you remove the middlemen, the gatekeepers, and the corporate filters — and let the Web3 community lead?You get CoinFerenceX Dubai.On April...

Elon Musk’s X Launches XChats With Bitcoin-Style Encryption

XChats will offer advanced features such as audio/video calls, encrypted and vanishing messages, and file sharing. Musk claims XChats uses the Rust programming...

Monero Spy Node Map Shows Public XMR Nodes, Even in Antarctica

P2Pool released version 4.7 with support for a sidechain and various fixes. Software updates released for Cake and Monero.com wallets address recent issues. ...

Must Read

17 Best Audiobooks On Blockchain Technology For Beginners

If you're looking to dive into the world of blockchain technology, you're in for a treat. The field is rapidly evolving and the potential...