Android malware ‘Crocodilus’ can take over phones to steal crypto
Strength strength of fabrics says that it has found a new family of malware that can start a false cover for certain applications to accept Android users to provide their crypts with crypts.
Analysts Fabric threats said in the 28th March reported that Crocodilus Malware uses screen warning users to make Crypto Wallet key to a specified deadline or risk to lose access.
“Once the victim provides a password from the application, a message will be displayed: Market for a wallet in Settings within 12 hours. Otherwise, the application will reset and you can lose access to your wallet,” said the fabric threat. ”
“This social engineering trick leads the victim to move to its seed clock key, allowing the crocodile to catch the text using his accessibility report.”
Source: Weaving
Once the actors of the threats have a phrase for the seed, they can take full control over the wallet and “is completely dry.”
The fabric for threats says that new malware, Crocodilus has all the characteristics of modern banking malware, with covering attacks, on screen recording, such as passwords and remote access to download the infected device.
The initial infection occurs inadvertently downloading malware In another software, which bypasses Android 13 and security protection, according to the threat fabric.
Once installed, Crocodilus requires to enable accessibility service, which hackers allow access to the device.
“Once approved, malware connects to command and control (C2) server to receive instructions, including a list of target applications and coverings to be used,” said the fabric for threats.
Once installed, Crocodilus requires to enable accessibility service, giving hackers access to the device. Source: Weaving
Continuously lasts, monitoring the application starts and displays covering to intercept credentials. When a targeted bank or cryptocurnt application opens, the fake coaster is launched over the top and turns off sound while hackers take control of the device.
“With stolen PII and credentials, threat actors can take full control over the victim’s device using the built-in remote access, completing false transactions without detection,” said fabric threat.
Intelling the mobile threat of Tabriks for mobile threats found malicious software Targets users in Turkey and Spain, but he said the volume of use would probably expand over time.
Related: Be careful of “cracked” tradingview – it’s a trojan stealing crypto
They also speculate developers that they can speak Turkish, based on the notes in the Code and added that the actor is a threat known as Sibra or Another hacker testing New software could be behind malicious software.
“The occurrence of crocodile mobile banking Trojan signifies significant escalation in sophistication and the level of threats representing modern malware.”
“With its more advanced options for downloading devices, the crocodile’s remote controls, the crocodile shows the level of maturity unusual in newly discovered threats, fabric threats added, added fabric threats.
Journal: Funny “Chinese Mint” Cripto Fraud, Japan Dawn in StableCoins: Asia Express
https://images.cointelegraph.com/cdn-cgi/image/format=auto,onerror=redirect,quality=90,width=1200/https://s3.cointelegraph.com/uploads/2025-03/0195e94d-0f82-75bf-bb04-c0b9c63a4fd8
2025-03-31 05:21:00
