A new, highly capable mobile banking malware known as “Crocodilus” has been identified by the cybersecurity firm ThreatFabric. This sophisticated malware targets Android devices and uses social engineering to steal sensitive crypto wallet credentials from users.
According to ThreatFabric’s research, Crocodilus is distributed through a proprietary dropper that is able to bypass the Android 13+ restrictions on sideloaded apps. Despite being newly discovered, Crocodilus already possesses all the features of modern banking malware, including overlay attacks, keylogging, remote access, and hidden remote control capabilities.
While malware designed to steal cryptocurrency private keys is not new, what sets Crocodilus apart is its device takeover and advanced credential theft capabilities. The malware is able to take control of a user’s device and steal sensitive information, posing a significant threat to users’ crypto wallets.
Crocodilus operates by prompting the user to enable the Accessibility Service after it has been installed via the dropper. It then connects to a command-and-control server for instructions on which overlays to display in order to intercept credentials. Initially detected in Spain and Turkey, the malware has targeted several crypto wallets, and it has the potential to expand its reach globally as it evolves.
One of the concerning aspects of Crocodilus is its ability to bypass two-factor authentication (2FA) by capturing screen content from the Google Authenticator app. By capturing the code displayed on the screen, the malware can send it to the command-and-control server, effectively bypassing 2FA measures.
Unlike other Trojans, Crocodilus uses overlays to target crypto wallets by instructing victims to back up their wallet keys. Once the user navigates to the screen that displays the seed phrase, the malware reads the on-screen text through its Accessibility Logger. With the seed phrase in hand, attackers can seize full control of the wallet and drain it completely.
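The two mechanisms described above, reading authenticator codes off the screen and scraping the seed phrase through an Accessibility Logger, both depend on the malicious accessibility service being able to see the text the wallet app renders. The following Kotlin snippet is an added example, not code from ThreatFabric, from Crocodilus, or from any real wallet, showing how a wallet app can limit that exposure on its seed-phrase screen. The activity, layout and view IDs (`activity_seed_phrase`, `seed_phrase_container`, `accessibility_warning`) and the allowlist of known accessibility packages are assumptions for illustration.

```kotlin
import android.accessibilityservice.AccessibilityServiceInfo
import android.app.Activity
import android.os.Build
import android.os.Bundle
import android.view.View
import android.view.WindowManager
import android.view.accessibility.AccessibilityManager

// Hypothetical seed-phrase display screen of a wallet app (example code; the
// layout, view IDs and package names below are assumed, not from any real app).
class SeedPhraseActivity : Activity() {

    // Constructed allowlist of accessibility services the app will tolerate
    // while showing the seed phrase (assumption: a vendor would maintain this).
    private val knownAccessibilityPackages = setOf(
        "com.google.android.marvin.talkback",
    )

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        // 1. Block screenshots, screen recording and non-secure display mirroring.
        //    Caveat: FLAG_SECURE protects rendered pixels only; an accessibility
        //    service can still read the view tree, so step 2 is still required.
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )

        setContentView(R.layout.activity_seed_phrase)
        val seedContainer: View = findViewById(R.id.seed_phrase_container)

        // 2. Keep the seed words out of the accessibility node tree, which is the
        //    channel an "Accessibility Logger" reads from.
        hardenAgainstAccessibilityScraping(seedContainer)

        // 3. Refuse to reveal the phrase while an unknown accessibility service is
        //    enabled, and show a warning in place of the words instead.
        if (unknownAccessibilityServices().isNotEmpty()) {
            seedContainer.visibility = View.GONE
            findViewById<View>(R.id.accessibility_warning).visibility = View.VISIBLE
        }
    }

    private fun hardenAgainstAccessibilityScraping(view: View) {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            // API 34+: only services the platform recognises as accessibility
            // tools may read this subtree; other accessibility services get nothing.
            view.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)
        } else {
            // Older releases: hide the subtree from every accessibility service.
            // Trade-off: this also hides it from legitimate screen readers.
            view.importantForAccessibility =
                View.IMPORTANT_FOR_ACCESSIBILITY_NO_HIDE_DESCENDANTS
        }
    }

    // Returns the package names of enabled accessibility services that are not on
    // the allowlist. An empty list means only known services are running.
    fun unknownAccessibilityServices(): List<String> {
        val am = getSystemService(ACCESSIBILITY_SERVICE) as AccessibilityManager
        return am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)
            .map { it.resolveInfo.serviceInfo.packageName }
            .filter { it !in knownAccessibilityPackages }
    }
}
```

The check in step 3 is deliberately coarse: it cannot tell a malicious service from a benign one it has never seen, so it degrades to "hide the secret and explain why" rather than trying to classify the service. The same pattern applies to any screen that shows a one-time code or other short-lived secret.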
Overall, Crocodilus represents a significant threat to users’ crypto wallets and sensitive information. It is essential for Android users to remain vigilant and take steps to protect themselves from malware attacks. By staying informed about the latest threats and practicing good cybersecurity hygiene, users can reduce their risk of falling victim to malicious attacks like Crocodilus.