A dangerous version of the Crocodilus malware is targeting cryptocurrency users. According to a fresh alert from cybersecurity firm ThreatFabric, the malware now includes a parser that can collect seed phrases and private keys. This makes it a major threat to crypto wallet security.
ThreatFabric's Mobile Threat Intelligence (MTI) team confirmed the upgrade. Crocodilus still relies on accessibility logging. However, it now uses on-device preprocessing to extract key data, and it formats this data using regular expressions before sending it to attackers. This gives cybercriminals ready-to-use information for account theft.
The malware first appeared in Europe. Now, it has reached users in South America, India, the US, and Southeast Asia. In Turkey, it spreads through fake casino apps. These apps overlay login pages on banking and crypto apps. In Spain, it poses as a browser update and targets most local banks. Smaller attacks have been spotted in Brazil, Argentina, Indonesia, and India.
Crocodilus can also edit a victim's contact list. It may add entries with fake names, such as 'Bank Support,' that are linked to attacker-controlled numbers. Victims may receive calls from these contacts, increasing the risk of fraud.
Experts advise avoiding unofficial apps. Never enter seed phrases on suspicious devices. Use hardware wallets for extra protection. Crypto use is rising rapidly, and so are malware threats, so staying alert is the best defense!