New Malware Crocodilus Targets Mobile Banking Apps, Crypto Wallets

A new strain of malware, named Crocodilus, has been identified targeting mobile banking apps and crypto wallets on Android devices. This sophisticated trojan, as reported by the fraud prevention firm, utilizes remote control capabilities, black screen overlays, and advanced data harvesting techniques to compromise users' financial security. The malware primarily targets users in Spain and Turkey, with expectations that its scope will broaden globally as it evolves.

Crocodilus employs dropper malware to bypass Android restrictions and gain access to victims' systems. Once installed, it requests users to enable Accessibility Service, allowing it to run deceptive applications on top of legitimate apps. These overlays trick users into divulging their credentials, making it easier for the malware to steal sensitive information. The malware also includes an Accessibility Logger, which monitors all Accessibility events and captures all elements displayed on the screen, effectively logging all text changes performed by the victim.

One of the notable features of Crocodilus is its ability to display a message to victims, urging them to back up their wallet key within 12 hours. This message is designed to convince users to navigate to their seed phrases, which the malware then steals using its accessibility logger. This tactic highlights the malware's advanced capabilities in manipulating users into compromising their own security.

The discovery of Crocodilus underscores the increasing sophistication of cyber threats targeting financial institutionsFISI-- and crypto platforms. As more users adopt mobile banking and crypto wallets, the risk of falling victim to such malware increases. Financial institutions and crypto platforms must remain vigilant and implement robust security measures to protect their users from these evolving threats. Users are also advised to be cautious and take necessary precautions, such as using strong passwords, enabling two-factor authentication, and keeping their devices and apps up to date with the latest security patches.