🎁 Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. JOIN NOW! 🔥

Android Malware Crocodilus Goes Global with Smarter Theft Tools

Key Takeaways

  • ​Crocodilus malware is active in multiple regions by using fake apps and ads to target banking and crypto users;
  • It tricks users with fake login pages and adds fake “Bank Support” contacts to carry out scams;
  • The malware can now steal crypto wallet keys and uses encryption to block detection and analysis.

Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. Participate Now ! 🔥

Android Malware Crocodilus Goes Global with Smarter Theft Tools

The Mobile Threat Intelligence team at ThreatFabric has reported that the Android malware, Crocodilus, is targeting banking and cryptocurrency users in several regions, including Europe, South America, Asia, and the United States.

In Poland, a recent campaign used Facebook ads to promote a fake rewards app. When users clicked the ad, they were redirected to a malicious website that installed malware. This version of Crocodilus could bypass the protections in Android 13 and later versions.

Meanwhile, in Spain, the malware pretended to be a browser update and went after customers of nearly all major banks. Once installed, it overlays fake login pages onto real banking and crypto apps.

What is an Automated Market Maker in Crypto? (Animated)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Recent updates to Crocodilus include new tools for stealing more than just login details.

One feature enables the malware to add fake phone numbers to a device’s contact list, which labels them as "Bank Support". Another new tool focuses on cryptocurrency wallets. Crocodilus includes a feature that can automatically collect recovery phrases and private keys.

Furthermore, the developers behind Crocodilus have added new layers of code protection. The malware employs multiple forms of encryption and complex programming techniques, which hinder efforts to understand its operation and mitigate its effects.

Originally found in Turkey in March 2025, Crocodilus disguised itself as fake gambling and banking apps to steal login information.

On May 22, cybersecurity firm Moonlock reported that hackers are targeting macOS users with fake Ledger Live apps. How do these fake apps work? Read the full story.

Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.

Loading...
binance
×
Verified

$600 WELCOME BONUS

Earn Huge Exclusive Binance Learners Rewards
5.0 Rating