
New Crocodilus Malware Targets Android Crypto Users
A newly discovered Android malware, named Crocodilus, deceives users into revealing their cryptocurrency wallet seed phrase by displaying a warning to back up the key to avoid losing access.
Although Crocodilus is new, it already has fully developed capabilities for device takeover, data harvesting, and remote control.
Researchers at ThreatFabric, a fraud prevention company, report that the malware is distributed through a proprietary dropper that bypasses security protections in Android 13 and later versions. This dropper installs the malware without triggering Play Protect and bypasses Accessibility Service restrictions.
Crocodilus stands out for its use of social engineering, prompting victims to provide access to their crypto-wallet seed phrase. It achieves this through a screen overlay that warns users to “back up their wallet key in the settings within 12 hours” or risk losing wallet access.