Global Banking Malware Spreads to Android Users: Experts Warn of Increasing Threat

A sophisticated new strain of banking malware has emerged as a major threat to mobile banking apps and crypto wallets on Android phones, according to security researchers.

Crocodilus, the malware in question, is equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging. These capabilities allow it to evade detection and steal personal data from unsuspecting users.

First detected by fraud prevention firm ThreatFabric in March, Crocodilus has since expanded its reach to become a truly global threat. Its campaigns are no longer confined to specific regions, underscoring the malware’s increasing sophistication.

One of the most alarming evolutions of Crocodilus is its ability to infiltrate a user’s contact list and add itself to it, bypassing fraud detection programs that flag callers not in a user’s contacts. This allows the malware to make calls appear legitimate, so users find the threat harder to detect.

Crocodilus has already been observed targeting high-value assets, including banks in Spain and Turkey, as well as popular cryptocurrency wallets. Experts warn that this level of maturity is uncommon in newly discovered threats, indicating a high level of engineering and sophistication behind the malware.

The rise of new threats like Crocodilus highlights the need for financial institutions to adopt a layered security approach that includes thorough device and behaviour-based risk analysis on their customers’ devices. Basic signature-based detection methods are no longer enough to stay protected against such sophisticated threats.

Security experts warn that users should take immediate action to protect themselves from this emerging threat, including keeping their Android devices updated with the latest security patches and using reputable antivirus software.

Source: The Daily Hodl