Crocodilus: The Malware Threatening Crypto Wallets on Android

TL;DR

  • Crocodilus is an Android malware that steals crypto wallet credentials through social engineering and advanced techniques.
  • It uses a customized dropper to bypass restrictions and gains system control with accessibility permissions.
  • It can log keystrokes, bypass 2FA, and trick users into revealing their seed phrase, allowing the theft of funds.

A new malware targeting Android devices has been identified by cybersecurity researchers. Named Crocodilus, this malicious software targets cryptocurrency wallet users using social engineering tactics and advanced intrusion techniques.

Its distribution method employs a customized dropper that bypasses Android 13+ restrictions, allowing it to install without the victim’s knowledge. Once on the device, it requests access to the Accessibility Service, granting control over various system functions.

Crocodilus: How It Works

The malware can execute overlay attacks to intercept credentials, log keystrokes, and activate hidden remote access. It also connects to a command-and-control server, from which it receives real-time instructions to deploy its attacks. Although initially detected in Spain and Turkey, experts warn that its reach could expand to other regions as its development evolves.

In addition to intercepting banking credentials, Crocodilus can bypass two-factor authentication by capturing screenshots of the Google Authenticator app. This method allows attackers to access protected accounts without directly compromising the victim’s device.

However, what makes it particularly dangerous is its strategy for obtaining seed phrases from crypto wallets. Instead of extracting them directly, it deceives users with an alert message urging them to manually back up their keys within 12 hours. If the victim follows the instruction, the malware records the content using its accessibility logging system and sends it to the attackers.
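The three techniques described above (accessibility logging of what the user types or sees, screenshot capture of an authenticator screen, and overlay attacks that intercept input) each correspond to a hardening control a wallet app can apply on the screen where a seed phrase is shown or entered. The Kotlin snippet below is an added illustration written for this article, not code from the article or from any wallet project; the activity name, layout and view ids, and the trusted-service allowlist are hypothetical placeholders to be adapted per app.

```kotlin
package example.wallet // hypothetical package, not from the article

import android.accessibilityservice.AccessibilityServiceInfo
import android.app.Activity
import android.content.Context
import android.os.Build
import android.os.Bundle
import android.provider.Settings
import android.util.Log
import android.view.View
import android.view.WindowManager
import android.view.accessibility.AccessibilityManager
import android.widget.EditText

private const val TAG = "SeedPhraseHardening"

// Accessibility services the app considers legitimate (e.g. a well-known screen
// reader). Placeholder list: extend or replace it per deployment.
private val TRUSTED_ACCESSIBILITY_PACKAGES = setOf(
    "com.google.android.marvin.talkback"
)

// Hypothetical screen on which the recovery (seed) phrase is displayed or typed.
class SeedPhraseActivity : Activity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        // 1. Block screenshots and screen recording of this window. A secure
        //    window renders black in captures and in the recents view, which
        //    blunts the "screenshot the sensitive screen" technique.
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )

        setContentView(R.layout.activity_seed_phrase)          // assumed layout id
        val seedInput: EditText = findViewById(R.id.seed_input) // assumed view id
        hardenSensitiveView(seedInput)

        // 3. Warn when an accessibility service outside the allowlist is active,
        //    since accessibility logging is how the seed phrase is harvested.
        val unexpected = unexpectedAccessibilityServices(this)
        if (unexpected.isNotEmpty()) {
            Log.w(TAG, "Unexpected accessibility services enabled: $unexpected")
            // A host app would show a warning dialog here before revealing the phrase.
        }
    }
}

// 2. Limit what overlays and accessibility services can do with a sensitive view.
fun hardenSensitiveView(view: View) {
    // Drop touches delivered while another window covers any part of this view
    // (tapjacking / overlay attacks).
    view.filterTouchesWhenObscured = true
    // Keep the view out of the accessibility node tree so its text is not
    // exposed through accessibility events. This also hides it from legitimate
    // screen readers, so apply it only to the seed-phrase field itself.
    view.importantForAccessibility = View.IMPORTANT_FOR_ACCESSIBILITY_NO
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
        // Android 14+: only services that declare themselves accessibility tools
        // may see this view, even if it is otherwise important for accessibility.
        view.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)
    }
}

// Returns package names of enabled accessibility services that are not allowlisted.
fun unexpectedAccessibilityServices(context: Context): List<String> {
    val am = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager
    // Services currently running, as reported by the AccessibilityManager.
    val running = am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)
        .mapNotNull { it.resolveInfo?.serviceInfo?.packageName }
    // Cross-check against the secure setting the Accessibility settings screen
    // persists: a ':'-separated list of "package/service" entries.
    val fromSettings = Settings.Secure.getString(
        context.contentResolver, Settings.Secure.ENABLED_ACCESSIBILITY_SERVICES
    ).orEmpty()
        .split(':')
        .filter { it.isNotBlank() }
        .map { it.substringBefore('/') }
    return (running + fromSettings)
        .distinct()
        .filterNot { it in TRUSTED_ACCESSIBILITY_PACKAGES }
}
```

The accessibility check is a warning signal, not a block: a user with a genuine screen reader must still be able to use the app, which is why the allowlist exists and why hiding the field from accessibility is scoped to the seed-phrase input rather than the whole screen. None of this stops a dropper from installing or an overlay from being drawn; it removes the payoff of those steps on the one screen that matters most.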

Precautions Against the Spread of Advanced Malware

Once the malware operators obtain the seed phrase, they can restore the wallet on another device and drain the funds without leaving any trace. This approach avoids detection by traditional security systems and allows the attacks to be carried out without raising immediate suspicion.

The discovery of Crocodilus demonstrates the growing sophistication of threats targeting the crypto sector and the need for more robust protective measures. Keeping software up to date, verifying the legitimacy of installed applications, and avoiding sharing sensitive information in insecure environments remain essential to reducing the risk of such attacks.
