A new type of Android malware called Crocodilus has been discovered, and it can take full control of your phone to steal your cryptocurrency.
A Dangerous New Threat is Stealing Crypto from Phones
This dangerous software tricks users into giving away their private keys, which are the most important piece of information needed to access a crypto wallet. Once hackers get these keys, they can empty the entire wallet within seconds.
Cybersecurity experts at Threat Fabric recently revealed details about this malware, warning that it is spreading rapidly. Crocodilus is different from other viruses because it doesn’t just steal passwords—it hijacks the entire phone and operates silently in the background. This means a victim may not even realize their money is gone until it’s too late.
Crocodilus is designed to target banking and cryptocurrency apps. Once installed on a phone, it waits until the user opens one of these apps.
How Crocodilus Steals Crypto Without You Knowing
The moment a person tries to log in, the malware launches a fake screen that looks just like the real app. This trick is known as an overlay attack.
When the victim opens their crypto app, a fake screen appears that looks exactly like the original. This fake screen asks the user to enter their password. Once the password is entered, the hackers immediately capture it. A message appears, warning the user to back up their wallet key within 12 hours or risk losing access. The victim is then guided to the wallet’s settings, where their seed phrase is displayed. Crocodilus secretly records this seed phrase using special tools that capture everything on the screen.
With this information, hackers can gain full control of the wallet and steal all the funds. The malware also mutes the phone’s sound while performing these actions, making it even harder for users to notice anything suspicious.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
How This Malware Gets Onto Your Phone
The scariest part about Crocodilus is how easily it can infect a device. Unlike older malware that required people to download shady apps, this new virus is hidden inside seemingly normal software. Once installed, it tricks users into enabling accessibility services—a feature meant to help people with disabilities but is often misused by hackers.
When Crocodilus is installed, it asks for special permissions to control the phone. Once granted, it connects to a remote server where hackers send it commands. The malware begins monitoring all activity on the phone. When a targeted app is opened, the fake overlay attack is triggered. Hackers take control of the phone without the victim noticing.
Crocodilus is already spreading in Turkey and Spain, but experts warn that it could soon target users in more countries. The developers of the malware seem to speak Turkish, but no one knows exactly who they are. Cybersecurity teams are still investigating whether a well-known hacker or a new cybercriminal group is behind this attack.
Unlike traditional malware, Crocodilus has advanced features that make it harder to detect. It can take screenshots, record keystrokes, and even control the device remotely. This allows hackers to approve fraudulent transactions without needing to steal passwords separately.
What You Need to Know to Stay Safe
Security experts say Crocodilus is one of the most dangerous banking malware threats ever discovered. It combines multiple hacking techniques into one, making it very hard to stop once it infects a device.
Threat Fabric warns that Crocodilus is likely to evolve and spread further. As it becomes more sophisticated, more Android users could fall victim to its attacks. The best way to stay safe is to stay informed and be cautious about the apps you install and the permissions you grant.
Critical Vulnerabilities: The Dark Side of Pacemaker Technology
