BusinessPostCorner.com
No Result
View All Result
Sunday, July 19, 2026
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
BusinessPostCorner.com
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
No Result
View All Result
BusinessPostCorner.com
No Result
View All Result

New ‘Crocodilus’ Android Malware Steals Sensitive Crypto Wallet Credentials: Research

March 31, 2025
in Crypto News
Reading Time: 3 mins read
A A
0
New ‘Crocodilus’ Android Malware Steals Sensitive Crypto Wallet Credentials: Research
ShareShareShareShareShare

A new “highly capable” mobile banking malware dubbed “Crocodilus,” targets Android devices, extorting sensitive crypto wallet credentials using social engineering tactics.

A recent research by cybersecurity firm Threat Fabric found the emergence of a new malware family Crocodilus. The malware is reportedly distributed through a proprietary dropper that bypasses Android 13+ restrictions.

“Despite being new, it already includes all the necessary features of modern banking malware: overlay attacks, keylogging, remote access, and ‘hidden’ remote control capabilities,” analysts noted.

Sophisticated Android malware designed to steal cryptocurrency private keys isn’t new. In October 2024, the FBI issued a warning about a similar malware called SpyAgent, which was linked to North Korean hackers.

However, what differs in the new mobile banking Trojan Crocodilus is the “device takeover and advanced credential theft,” Threat Fabric wrote on X.

A new mobile banking Trojan has emerged—#Crocodilus. Discovered during regular threat hunting, it’s already showing capabilities that rival top malware families, including device takeover and advanced credential theft.https://t.co/RlyfFxUYHe#BankingTrojan #ThreatFabric pic.twitter.com/47zPbPfFad

— ThreatFabric (@ThreatFabric) March 28, 2025

Crocodilus Displays Overlays to Target Banks and Cryptos

Crocodilus malware works on a modus operandi similar to modern “Device Takeover banking Trojan,” analysts noted. After initial installation via a proprietary dropper, the malware requests “Accessibility Service” to be enabled, they added.

In order to intercept credentials, Crocodilus connects to the command-and-control (C2) server for instructions such as overlays to be used.

Further, the threat initially appeared in Spain and Turkey, targeting several crypto wallets, the Mobile Threat Intelligence team revealed.

“We expect this scope to broaden globally as the malware evolves,” the team noted.

Additionally, the two-factor authentication (2FA) is bypassed by the malware using RAT command that triggers a screen capture on the content of the Google Authenticator application. Crocodilus captures the code displayed on the screen in the Google Authenticator app, and sends to the C2.

Malware Instructs Victims to Do the Job

Unlike other Trojans, Crocodilus overlays target crypto wallet by asking victims to take a backup of their wallet keys.

“Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet,” the overlay text reads.

This social engineering hack guides victims to navigate to their seed phrase. This inturn allows Crocodilus to extract the text using its Accessibility Logger.

“With this information, attackers can seize full control of the wallet and drain it completely,” Threat Fabric analysts said.

The post New ‘Crocodilus’ Android Malware Steals Sensitive Crypto Wallet Credentials: Research appeared first on Cryptonews.


Credit: Source link

ShareTweetSendPinShare
Previous Post

Metaplanet Issues Zero-Interest Bonds Worth $13M to Acquire More Bitcoin

Next Post

Thames Water selects KKR as preferred bidder

Next Post
Thames Water selects KKR as preferred bidder

Thames Water selects KKR as preferred bidder

A&O Shearman hands partners £2.2mn as profits return to pre-merger levels

A&O Shearman hands partners £2.2mn as profits return to pre-merger levels

July 16, 2026
CVS CEO: GLP-1 economics ‘aren’t there yet’

CVS CEO: GLP-1 economics ‘aren’t there yet’

July 16, 2026
FASB chair plans for new standards, semiannual reporting

FASB chair plans for new standards, semiannual reporting

July 16, 2026
CLARITY Act Senate Vote: Ethics Fight Dims Passage Odds

CLARITY Act Senate Vote: Ethics Fight Dims Passage Odds

July 13, 2026
‘A casino for investors’: leverage brings huge swings to world’s best-performing market

‘A casino for investors’: leverage brings huge swings to world’s best-performing market

July 17, 2026
Peterborough pop-up school uniform and prom dress stall planned

Peterborough pop-up school uniform and prom dress stall planned

July 14, 2026
BusinessPostCorner.com

BusinessPostCorner.com is an online news portal that aims to share the latest news about following topics: Accounting, Tax, Business, Finance, Crypto, Management, Human resources and Marketing. Feel free to get in touch with us!

Recent News

Chinese firm seeks compensation over British Steel nationalisation

Chinese firm seeks compensation over British Steel nationalisation

July 19, 2026
Why Friday afternoon is the worst time to shop online — and marketers know the window when your guard is down

Why Friday afternoon is the worst time to shop online — and marketers know the window when your guard is down

July 19, 2026

Our Newsletter!

Loading
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2023 businesspostcorner.com - All Rights Reserved!

No Result
View All Result
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources

© 2023 businesspostcorner.com - All Rights Reserved!