The new crocodilus of Android malware uses social tips to steal cryptography keys

A newly discovered Android malware called crocodilus Soules concerns about its ability to steal references sensitive to cryptocurrency portfolios through social engineering. Although the targeting users recently observed in Spain and Turkey, the advanced capacities of the malware suggest that a wider deployment could follow.

Crocodilus is distributed by a owner droppings which bypasses Android 13 and subsequent safety protections, elected detection from Google Protect’s game system.

Once installed, it requires access to the accessibility service, a feature intended to help disabled users, but which also allows malicious software to monitor screen content, simulate gestures and interact with applications.

What distinguishes Crocodilus is its use of a convincing superposition screen that warns users to save their portfolio key within 12 hours or to lose access. This prompt is designed to guide the victims to navigate to the seed phrase in their cryptographic portfolio, which the malware records using an accessibility recorder. With access to the seed sentence, attackers can take total control of the portfolio.

Beyond the theft of seed sentences, Crocodilus can also load false overlays above banking or cryptographic applications to intercept identification information. The Bot Du Malware component supports 23 orders, which allows it to:

• Activate call transfer
• Read and send SMS messages
• POST PUSH notifications
• Application launch
• Lock the screen
• Gain device administration privileges
• Define as a default SMS manager
• Mute or activate sound
• Activate a black overlap

It also includes Trojan features to remote access, allowing attackers to carry out screen valves, scanning gestures and take screenshots, including in particular Google Authenticator, allowing them to capture unique passwords used for multi-factor authentication.

Although these operations are carried out, Crocodilus can activate a black screen superposition and cut the device to hide its activity, which makes it locked or inactive. The initial infection method is not entirely confirmed but is suspected of involving malicious websites, false promotions on social networks or SMS and third -party application stores.

Wider implications: a new era of mobile cyber-menaces

Crocodilus is a warning sign of what will happen in mobile cybercrime. It reveals several disturbing trends:

• Advanced escape tactics: malicious software evolves to bypass even the latest Android protections.
• Abuse of accessibility features: these features, although they are essential for certain users, become a major attack vector.
• Rise of social engineering: Cybercriminals improve to manipulate users to compromise themselves.
• Target MFA and authentication applications: even tools designed to secure your accounts are now undermined.

How ordinary users can protect themselves

Although Crocodilus is sophisticated, everyday users can always take proactive measures to avoid dangerous applications and minimize their risk. Here’s how:

1. Never share your phrase of wallet seeds

• No legitimate application will ask you to “save” via a pop-up.
• Write it offline and store it safely-do not enter it unless you restore a wallet yourself.

2. Avoid side loading applications

• Do not install APK from third -party sites, links in SMS messages or unknown social media promotions. Take Google Play Store, which is monitored for malicious behavior.

3. Use Google Play Protect – and continue it

• Access Settings> Safety> Google Play Protect to make sure it is activated. This tool can detect and deactivate known malware before causing damage.

4. Be careful with application authorizations

• If an application requires an accessibility service or administration privileges of the device, be very skeptical.
• Check the application journals and the developer’s history before granting such access.

5. Use a renowned mobile security application

• Consider installing a confidence safety application (for example, Bitdefender or Malwarebytes for real -time protection.

6. Activate the MFA – but wisely

• Use hardware keys or authenticator applications that support biometric access and screen obscuscation.
• Monitor malware that is trying to access applications like Google Authenticator – Do not keep them unnecessarily in the background.

7. Regularly update your operating system and Android applications

• Corrects and security updates close the vulnerabilities operated by malware like Crocodilus.
• Activate automatic updates as far as possible.