As cybercriminals keep finding new ways to attack, the latest advanced threat to cryptocurrency users is Crocodilus, a new malware family for Android. Threat Fabric, a cybersecurity company, discovered this malware. It can take complete control of an infected device and use advanced screen-overlay techniques to trick people into giving up their crypto seed phrases. Crocodilus is a dangerous Trojan that can empty digital wallets without users realizing it, taking over devices and spying on their owners remotely.
Crocodilus attacks and controls devices
If you open a targeted banking or bitcoin app, Crocodilus shows a fake screen overlay on top of it. The malware mutes the device and persuades people to enter private information. A fake message tells users they must back up their wallet key within 12 hours or lose access. People fall for this social-engineering trick and type in their seed phrase, and the malware records it with an accessibility logger.
Once they have the seed phrase, hackers can empty the victim’s crypto wallet without the victim’s knowledge.
Security bypass and infection
Crocodilus usually circumvents Android 13's security measures by being installed through a downloaded program rather than an app store. Once on the device, the malware asks for accessibility service rights, which let it watch what is happening on the screen and steal credentials.
The malware connects to a command-and-control (C2) server that tells it which banking and crypto apps to attack. It runs constantly in the background, watching as apps open and placing overlays on top of them in real time. Because it works invisibly while collecting private information, Crocodilus is hard to spot.
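The two techniques described above, an overlay drawn over a legitimate app and an accessibility service that reads what the user types, are things a wallet or banking app can partially defend against on its own. The following Kotlin snippet is an added example written for this article, not code from Threat Fabric's report or from any product: it hardens a sensitive input view so that touches arriving through another window are dropped, and it lists the enabled accessibility services whose package is not on an allow-list the app maintains (the `allowList` contents are assumed, constructed for illustration), so the app can warn the user before showing a seed phrase.

```kotlin
import android.accessibilityservice.AccessibilityServiceInfo
import android.content.Context
import android.view.MotionEvent
import android.view.View
import android.view.accessibility.AccessibilityManager

// Added defensive helpers for an Android wallet/banking app (example code, not the
// original page's). Both checks are defence in depth: a service that already holds
// accessibility rights can still read screen content, so the primary mitigation
// remains not granting that permission to untrusted apps.
object OverlayDefense {

    // Mark a sensitive view (seed-phrase entry, PIN pad) so that the framework drops
    // touch events delivered while another window is drawn over it. The listener
    // additionally reports any event the system flagged as obscured so the caller
    // can show a warning instead of silently accepting input.
    fun hardenSensitiveView(view: View, onObscuredTouch: () -> Unit) {
        view.filterTouchesWhenObscured = true
        view.setOnTouchListener { _, event ->
            if (event.flags and MotionEvent.FLAG_WINDOW_IS_OBSCURED != 0) {
                onObscuredTouch()   // an overlay sits between the user and this view
                true                // consume the event; do not treat it as input
            } else {
                false               // normal touch: let the view handle it
            }
        }
    }

    // Return package names of enabled accessibility services that are not on the
    // app's allow-list. allowList is an assumed, app-maintained set (for example the
    // platform screen reader); anything else is worth surfacing to the user before
    // a seed phrase is displayed or entered.
    fun unexpectedAccessibilityServices(context: Context, allowList: Set<String>): List<String> {
        val am = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager
        return am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)
            .map { info -> info.resolveInfo.serviceInfo.packageName }
            .filter { pkg -> pkg !in allowList }
            .distinct()
    }
}

// Example wiring inside an Activity or Fragment (assumed names: seedPhraseInput,
// showOverlayWarning, showAccessibilityWarning are the app's own UI code):
//
// OverlayDefense.hardenSensitiveView(seedPhraseInput) { showOverlayWarning() }
// val suspicious = OverlayDefense.unexpectedAccessibilityServices(
//     this, allowList = setOf("com.google.android.marvin.talkback"))
// if (suspicious.isNotEmpty()) showAccessibilityWarning(suspicious)
```

`setFilterTouchesWhenObscured` and `FLAG_WINDOW_IS_OBSCURED` only cover overlays that sit in a separate window on top of the app; they do not stop a malicious accessibility service from reading text the user types, which is why the second check exists. The allow-list should be reviewed per market, since legitimate screen readers and keyboard assistants vary by device.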
Global Effect and Threat Expansion
Researchers have so far seen Crocodilus targeting users in Turkey and Spain, but they expect it to spread further. Based on notes in the code, Threat Fabric believes the malware's authors may speak Turkish. Some researchers also suspect that a threat actor known as Sybra may be behind the campaign.
Conclusion
Android users should only install apps from approved stores, keep security updates installed, and never share their crypto seed phrase. Strong security habits and suspicion of unexpected "back up your wallet" prompts can help keep your money safe.