BusinessPostCorner.com
No Result
View All Result
Saturday, July 18, 2026
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
BusinessPostCorner.com
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
No Result
View All Result
BusinessPostCorner.com
No Result
View All Result

New ‘Crocodilus’ Android Malware Steals Sensitive Crypto Wallet Credentials: Research

March 31, 2025
in Crypto News
Reading Time: 3 mins read
A A
0
New ‘Crocodilus’ Android Malware Steals Sensitive Crypto Wallet Credentials: Research
ShareShareShareShareShare

A new “highly capable” mobile banking malware dubbed “Crocodilus,” targets Android devices, extorting sensitive crypto wallet credentials using social engineering tactics.

A recent research by cybersecurity firm Threat Fabric found the emergence of a new malware family Crocodilus. The malware is reportedly distributed through a proprietary dropper that bypasses Android 13+ restrictions.

“Despite being new, it already includes all the necessary features of modern banking malware: overlay attacks, keylogging, remote access, and ‘hidden’ remote control capabilities,” analysts noted.

Sophisticated Android malware designed to steal cryptocurrency private keys isn’t new. In October 2024, the FBI issued a warning about a similar malware called SpyAgent, which was linked to North Korean hackers.

However, what differs in the new mobile banking Trojan Crocodilus is the “device takeover and advanced credential theft,” Threat Fabric wrote on X.

A new mobile banking Trojan has emerged—#Crocodilus. Discovered during regular threat hunting, it’s already showing capabilities that rival top malware families, including device takeover and advanced credential theft.https://t.co/RlyfFxUYHe#BankingTrojan #ThreatFabric pic.twitter.com/47zPbPfFad

— ThreatFabric (@ThreatFabric) March 28, 2025

Crocodilus Displays Overlays to Target Banks and Cryptos

Crocodilus malware works on a modus operandi similar to modern “Device Takeover banking Trojan,” analysts noted. After initial installation via a proprietary dropper, the malware requests “Accessibility Service” to be enabled, they added.

In order to intercept credentials, Crocodilus connects to the command-and-control (C2) server for instructions such as overlays to be used.

Further, the threat initially appeared in Spain and Turkey, targeting several crypto wallets, the Mobile Threat Intelligence team revealed.

“We expect this scope to broaden globally as the malware evolves,” the team noted.

Additionally, the two-factor authentication (2FA) is bypassed by the malware using RAT command that triggers a screen capture on the content of the Google Authenticator application. Crocodilus captures the code displayed on the screen in the Google Authenticator app, and sends to the C2.

Malware Instructs Victims to Do the Job

Unlike other Trojans, Crocodilus overlays target crypto wallet by asking victims to take a backup of their wallet keys.

“Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet,” the overlay text reads.

This social engineering hack guides victims to navigate to their seed phrase. This inturn allows Crocodilus to extract the text using its Accessibility Logger.

“With this information, attackers can seize full control of the wallet and drain it completely,” Threat Fabric analysts said.

The post New ‘Crocodilus’ Android Malware Steals Sensitive Crypto Wallet Credentials: Research appeared first on Cryptonews.


Credit: Source link

ShareTweetSendPinShare
Previous Post

Metaplanet Issues Zero-Interest Bonds Worth $13M to Acquire More Bitcoin

Next Post

Thames Water selects KKR as preferred bidder

Next Post
Thames Water selects KKR as preferred bidder

Thames Water selects KKR as preferred bidder

Big Tech to face fines for consumer protection failures, says EU official

Big Tech to face fines for consumer protection failures, says EU official

July 12, 2026
ACA Marketplace insurers propose 14% premium hike for 2027

ACA Marketplace insurers propose 14% premium hike for 2027

July 14, 2026
SpaceX and the myth of independent Wall St research

SpaceX and the myth of independent Wall St research

July 17, 2026
Goldman’s Kathy Ruemmler tells Congress Epstein emails taken out of context

Goldman’s Kathy Ruemmler tells Congress Epstein emails taken out of context

July 15, 2026
Profound vs. Peec AI: Which AEO tool supports your growth strategy?

Profound vs. Peec AI: Which AEO tool supports your growth strategy?

July 15, 2026
Demand for Bedford baby bank growing faster than donations

Demand for Bedford baby bank growing faster than donations

July 13, 2026
BusinessPostCorner.com

BusinessPostCorner.com is an online news portal that aims to share the latest news about following topics: Accounting, Tax, Business, Finance, Crypto, Management, Human resources and Marketing. Feel free to get in touch with us!

Recent News

Landon Donovan: ‘There is zero chance I could have played club soccer’ because of high costs

Landon Donovan: ‘There is zero chance I could have played club soccer’ because of high costs

July 18, 2026
Iran strikes Saudi Arabia for first time in months

Iran strikes Saudi Arabia for first time in months

July 18, 2026

Our Newsletter!

Loading
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2023 businesspostcorner.com - All Rights Reserved!

No Result
View All Result
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources

© 2023 businesspostcorner.com - All Rights Reserved!