Loading cryptocurrency prices...

‘Crocodilus’ Malware Steals Crypto by Tricking Android Wallet Users

  • “Crocodilus” Malware targets cryptocurrency wallets on Android devices, tricking users into revealing their seed phrases.
  • The malware operates stealthily with remote access capabilities, black screen overlays, and can bypass Android 13+ security protections.
  • Currently affecting users in Spain and Turkey, but distribution methods suggest potential for wider spread.

A sophisticated new malware named “Crocodilus” is actively targeting cryptocurrency wallets on Android devices, security researchers revealed this week. The trojan uses deceptive techniques to convince users to surrender their wallet seed phrases, potentially giving attackers complete access to victims’ digital assets.

- Advertisement -

ThreatFabric, a fraud prevention company, uncovered the threat, which disguises itself as legitimate cryptocurrency applications. The malware specifically targets crypto wallet users through tailored social engineering techniques.

“Crocodilus is masquerading as crypto-related apps and involves specific social engineering techniques to make victims reveal the secrets stored inside cryptocurrency wallet applications,” explained Aleksandar Eremin, head of mobile threat intelligence at ThreatFabric. He noted that this indicates the “specific interest of the actors behind it in targeting users of cryptocurrency wallets.”

The malware’s primary deception involves displaying a fraudulent warning message that creates urgency: “Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet.” This tactic manipulates users into entering their seed phrase, which attackers can then capture.

What makes Crocodilus particularly dangerous is its distribution method. It deploys through a proprietary dropper that can circumvent security protections on Android 13 or later versions. Once installed, the malware requests Accessibility Service permissions, allowing it to bypass restrictions and deploy screen overlays to harvest passwords.

- Advertisement -

Beyond seed phrase theft, Crocodilus functions as a remote access trojan (RAT), giving operators comprehensive control over the victim’s device. Attackers can navigate the interface, use gesture controls, and capture screenshots—all while employing a black screen overlay that keeps these activities hidden from the device owner. This capability even allows attackers to access two-factor authentication passcodes through applications like Google Authenticator.

Currently, researchers have identified victims primarily in Spain and Turkey. The malware’s debug language appears to be Turkish, suggesting possible geographic origins. However, the varied distribution channels—including malicious websites, social media, fake promotions, text messages and third-party app stores—indicate potential for wider spread.

Android users can protect themselves by exercising caution: only download applications from the official Google Play Store and avoid installing APK files from third-party sources.

Despite being new to the threat landscape, security experts are concerned about Crocodilus’s potential. “Despite being a newcomer to the mobile threat landscape,” Eremin told Decrypt, the malware’s “rich set of capabilities” could position it as a competitor to established malware-as-a-service offerings on underground markets.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Chainlink (LINK) Eyes 205% ROI by 2026 After 21% Price Slide

ChainLink (LINK) declined 21% in the past month, dropping below $19.The decrease is linked...

S&P Global to Deliver Stablecoin Ratings On-Chain via Chainlink

S&P Global Ratings will offer Stablecoin Stability Assessments on-chain through a partnership with ChainLink. These...

Crypto Market Hit by Record $19B Liquidation, $65B Interest Wiped Out

A record $19 billion in crypto assets were liquidated during the market crash on...

Morgan Stanley Turns Bearish, Sees S&P 500 Drop Amid Tensions

Morgan Stanley shifts to a bearish outlook on the S&P 500 following last week’s...

Expert: Musk’s New $1T Pay Plan Focuses on Real Value for Tesla

Tesla proposed a new compensation plan for Elon Musk, tied solely to achieving set...
- Advertisement -

Must Read

Top 10 BEST Crypto Trading Books for New Traders

If you're thinking of diving into the crypto trading space, acquiring solid knowledge isn't just recommended - it's essential to protect your investment.Learning...