Android Malware Crocodilus is Stealing Crypto

A newly discovered Android malware called Crocodilus is causing concern due to its ability to steal sensitive cryptocurrency wallet credentials through social engineering. Initially targeting users in Spain and Turkey, its advanced capabilities suggest a potential wider rollout.

Crocodilus is deployed via a proprietary dropper that bypasses security features in Android 13 and later, evading detection by Google’s Play Protect system.

Once installed, it requests access to the Accessibility Service, a feature intended to assist users with disabilities that also allows the malware to monitor screen content, simulate gestures, and interact with apps.

What makes Crocodilus particularly dangerous is its use of a convincing overlay screen, warning users to back up their wallet key within 12 hours or risk losing access.

This prompt guides victims to their crypto wallet’s seed phrase, which the malware logs using an Accessibility Logger, enabling attackers to gain full control of the wallet.
