🎁 Airdrop Season 7 is LIVE - Answer Fun Questions to Earn $30K Prize Pool Rewards. JOIN NOW!

Fake Screens, Real Theft: Crocodilus Malware Targets Android Crypto Users

Key Takeaways

  • ​Crocodilus tricks Android users with fake backup messages to steal crypto seed phrases;
  • The malware records sensitive info by overlaying fake screens on crypto and banking apps;
  • Crocodilus runs quietly in the background, giving attackers remote access without user detection.​

Free Airdrop Season 7 is LIVE! Answer fun questions or do simple tasks to earn rewards from the $30K BitDegree prize pool. Participate Now ! 🔥

Fake Screens, Real Theft: Crocodilus Malware Targets Android Crypto Users

Crocodilus, a newly discovered Android threat, is putting crypto wallet users at risk by using fake app screens to trick people into giving up their recovery phrases.

According to a March 28 report by Threat Fabric, a cybersecurity company, Crocodilus displays a message that urges users to back up their crypto wallet key within a short time. The message claims that failing to do so could result in losing access to the wallet.

Once the phrase is visible on the screen, the malware records the text through a tool that monitors screen activity. If the attacker gets the full recovery phrase, they can access the wallet and move all its contents.

What is an NFT? (Explained with Animations)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Although Crocodilus is a new threat, it includes several features found in advanced malware. These include fake overlays, the ability to take control of a device, and tools to collect passwords and other sensitive data.

Threat Fabric says the malware contacts a remote server after installation. It receives commands from this server, including which apps to target and which fake screens to show. The malware stays active in the background and checks what apps are opened. If a crypto or banking app is launched, Crocodilus displays a fake screen over it to gather login details.

It also mutes the sound while operating, so users may not notice anything unusual. With access to passwords and other personal details, attackers can use the phone remotely and make transactions without setting off alarms.

On March 18, cybersecurity firm Malwarebytes discovered that scammers were promoting a counterfeit version of TradingView Premium. What did the fake platform do? Read the full story.

Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.

Loading...
binance
×
Verified

$600 WELCOME BONUS

Earn Huge Exclusive Binance Learners Rewards
5.0 Rating