
Crypto security experts have identified a new malware called Crocodilus. Experts claim this malware targets Android users and steals their funds.
ThreatFabric, a cybersecurity firm, shared the update in a new report published on March 28, detailing the tactics of this malware. According to the report, Crocodilus tricks crypto users with a fake warning screen.
This false alarm seeks to urge them to back up their wallet seed phrase within 12 hours to prevent losing access to their funds. If the unsuspecting victim heeds this warning and accesses their seed phrase, the malware records the text using an accessibility logger. Once hackers have the seed phrase, they can take full control of the wallet and drain the funds.
A new mobile banking Trojan has emerged—#Crocodilus. Discovered during regular threat hunting, it’s already showing capabilities that rival top malware families, including device takeover and advanced credential theft. https://t.co/RlyfFxUYHe #BankingTrojan #ThreatFabric pic.twitter.com/47zPbPfFad
— ThreatFabric (@ThreatFabric) March 28, 2025
Though Crocodilus mainly targets crypto wallets, it has all the features of modern banking malware. It uses overlay attacks, captures passwords from the screen, and even has remote access capabilities, allowing hackers to control a vulnerable device without the user’s knowledge.
How Devices Get Infected
The malware bypasses Android 13’s security measures. Once the software is installed, the user receives a prompt to grant access to the phone’s accessibility service. If granted, the malware connects to a remote server for further instructions. The malware continuously monitors apps and launches fake overlays to steal credentials when users open targeted banking or crypto apps.
Cybersecurity researchers have reported the emergence of a new Android banking trojan named Crocodilus, which is actively targeting users in Spain and Turkey. https://t.co/nYoDuUuLOe
— Gray Hats (@the_yellow_fall) April 1, 2025
Crocodilus mutes the device’s sound to avoid detection. Once the hackers have control of the user’s login details and data, they can easily carry out transactions remotely. This way, hackers move funds without security detection.
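A defender-side check for the accessibility-service step described above, as an added example that is not from the report or the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i -3` and flags enabled accessibility services whose package did not come from a trusted store. The sample strings, package names, and the choice of Google Play as the only trusted installer are assumptions.

```python
# Added example. SAMPLE_* strings are constructed, not captured from a real device.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_enabled_services(raw):
    """Parse `settings get secure enabled_accessibility_services` (colon-separated pkg/class)."""
    raw = raw.strip()
    if not raw or raw == "null":          # the setting prints "null" when nothing is enabled
        return []
    services = []
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.append((pkg, cls))
    return services

def parse_installers(raw):
    """Parse `pm list packages -i -3` lines into {package: installer or None}."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field.split("=", 1)[1]
        installers[fields[0]] = None if installer in (None, "null") else installer
    return installers

def flag_suspicious(services_raw, installers_raw, trusted=TRUSTED_INSTALLERS):
    """Return (package, service class, installer) for third-party accessibility
    services whose package was not installed by a trusted store."""
    installers = parse_installers(installers_raw)
    findings = []
    for pkg, cls in parse_enabled_services(services_raw):
        if pkg not in installers:         # absent from the -3 list: preinstalled app, skipped
            continue
        if installers[pkg] not in trusted:
            findings.append((pkg, cls, installers[pkg] or "sideloaded/unknown"))
    return findings

SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.passmgr/.AutofillService:"
                   "com.example.updater/.core.HelperService")
SAMPLE_INSTALLERS = """package:com.example.passmgr  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.game  installer=com.android.vending"""

if __name__ == "__main__":
    for finding in flag_suspicious(SAMPLE_SERVICES, SAMPLE_INSTALLERS):
        print("review:", *finding)
```

A flagged entry is a prompt for review, not proof of infection: legitimately sideloaded apps with accessibility services will also appear.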
Who Is at Risk?
ThreatFabric’s research shows that Crocodilus has mainly targeted users in Turkey and Spain. However, experts believe the malware’s reach will expand. The developers appear to have Turkish ties based on coding notes, and a hacker named Sybra or another cybercriminal might be behind it.
Always thought crocodiles lived only in swamps…
In reality they’re moving into your crypto wallet on Android!
“Crocodilus” is the latest mobile-device malware that can launch a fake overlay for certain apps to trick Android users into providing their crypto seed phrases as it… pic.twitter.com/0F6ICFrQG5
— DONNIE (@Donnie100x) March 31, 2025
Furthermore, ThreatFabric warns that Crocodilus is highly advanced for a newly discovered malware. Its ability to take over devices remotely and execute silent attacks makes it a serious concern for crypto users. Experts urge users to stay alert and implement stronger security systems.
The post Crocodilus Malware Hijacks Phones to Steal Crypto appeared first on Altcoin Buzz.