Summary: Cybersecurity researchers have identified a new Android banking malware named Crocodilus that specifically targets users in Spain and Turkey. This sophisticated malware employs advanced techniques for device takeover and credential theft, masquerading as a legitimate application. It showcases the growing complexity and danger of modern mobile threats, especially within the banking sector.
Affected: Android users in Spain and Turkey
Keypoints :
- Features advanced capabilities such as remote control, black screen overlays, and data harvesting through accessibility services.
- Masquerades as “Google Chrome” and bypasses Android 13+ security measures.
- Employs social engineering tactics to trick users into revealing cryptocurrency seed phrases.
- Can monitor app launches, log activities, and perform unauthorized actions like sending SMS or retrieving contacts.
- Represents a significant rise in malware sophistication, posing a serious threat to mobile banking security.
Source: https://thehackernews.com/2025/03/new-android-trojan-crocodilus-abuses.html