Latest news with #Crocodilus
Fox News
19-06-2025
- Fox News
Android malware poses as fake contacts to steal your personal data
Hacking keeps evolving, just like any other profession. Cybercriminals are always upgrading their tools, especially malware, to find new ways to scam people and steal data or money. The old tricks no longer work as well. Basic phishing rarely fools anyone twice, so hackers constantly look for new ways to break in. They rely on whatever grabs your attention and doesn't raise suspicion, things like social media ads, fake banking apps or updates that look completely normal. One of the fastest-growing threats in this space is Crocodilus. First detected in early 2025, this Android banking Trojan takes over your contact list to make its scams look more legitimate and harder to spot. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join. The Crocodilus malware was first documented by ThreatFabric cybersecurity researchers in late March 2025. They highlighted its extensive data theft and remote control capabilities. Crocodilus uses Facebook to infect devices. It appears in ads that look normal, but once clicked, the malware installs itself on your device. In some cases, it mimicked banking and e-commerce apps in Poland, promising users free points in exchange for downloading an app. The link led to a fake site that delivered the malware. Although the ad was only live for a few hours, it still reached thousands of users, most of whom were over 35, a group more likely to have money in the bank. Smaller but growing campaigns have also been reported in the United States, where Crocodilus disguised itself as crypto wallet tools, mining apps and financial services. These fake apps are often distributed through social media ads or phishing links, targeting Android users who are less likely to question a "legit-looking" financial app. While not yet widespread, the presence of Crocodilus in the U.S. underscores its global reach and rapidly evolving tactics. The Trojan has also been spotted in Spain, where it disguised itself as a browser update, targeting nearly every major Spanish bank. In Turkey, it posed as an online casino app. And the threat doesn't stop there. One of the biggest concerns with Crocodilus is its ability to add fake contacts to your phone, inserting entries like "Bank Support" into your contact list. So, if an attacker calls pretending to be from your bank, your phone may not flag it because it appears to be a trusted number, making social engineering scams much more convincing. The latest version also includes a more advanced seed phrase collector, especially dangerous for cryptocurrency users. Crocodilus monitors your screen and uses pattern matching to detect and extract sensitive data, such as private keys or recovery phrases, all before quietly sending it to the attacker. Crocodilus shows us what the next wave of mobile threats might look like. It uses real ads to get into your phone. It blends into your digital life in ways that feel familiar. It does not need flashy tricks to succeed. It just needs to appear trustworthy. This kind of malware is designed for scale. It targets large groups, works across different regions and updates fast. It can pretend to be a bank, a shopping app or even something harmless like a browser update. The scary part is how normal it all looks. People are not expecting something this malicious to hide inside something that looks like a gift. The creators of Crocodilus understand how people think and act online. They are using that knowledge to build tools that work quietly and effectively. And they are not working alone. This kind of operation likely involves a network of developers, advertisers and distributors all working together. 1. Avoid downloading apps from ads or unknown sources: Crocodilus often spreads through ads on social media platforms like Facebook. These ads promote apps that look like banking tools, e-commerce platforms or even crypto wallets. If you click and install one, you might be unknowingly downloading malware. Always search for apps directly on trusted platforms like the Google Play Store. Do not install anything from random links, especially those shared through ads, messages or unfamiliar websites. 2. Avoid suspicious links and install strong antivirus protection: Crocodilus spreads through deceptive ads and fake app links. These can look like legitimate banking tools, crypto apps or browser updates. Clicking on them may quietly install malware that hijacks your contacts, monitors your screen or steals login credentials. To stay safe, avoid clicking on links from unknown sources, especially those that promise rewards or warn of urgent problems. Installing strong antivirus software on your Android device adds another layer of protection. It can scan downloads, block malicious behavior and warn you about phishing attempts before they become a bigger issue. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 3. Review app permissions carefully before and after installation: Before you install an app, take a moment to look at the permissions it asks for. If a shopping app wants access to your contacts, messages or screen, that is a red flag. After installing, go to your phone settings and double-check what permissions the app actually has. Malware like Crocodilus relies on overreaching permissions to steal data and gain control. If anything seems unnecessary, revoke the access or uninstall the app entirely. 4. Keep your Android device updated at all times: Security patches are released regularly to block known vulnerabilities. Crocodilus is designed to take advantage of outdated systems and bypass newer Android restrictions. By updating your phone and apps regularly, you reduce the chances of malware slipping through. Set your device to install updates automatically when possible and check manually every so often if you are not sure. 5. Consider using a data removal or monitoring service: While not a direct defense against malware, data removal services can help minimize the damage if your information has already been leaked or sold. These services monitor your personal data on the dark web and offer guidance if your credentials have been compromised. In a case like Crocodilus, where malware may harvest and transmit banking info or crypto keys, knowing your data exposure early can help you act before scammers do. Check out my top picks for data removal services here. 6. Turn on Google Play Protect: Google Play Protect is a built-in security feature on Android phones that scans your apps for anything suspicious. To stay protected, make sure it's turned on. You can check this by opening the Play Store, tapping your profile icon and selecting Play Protect. From there, you can see if it's active and run a manual scan of all your installed apps. While it may not catch everything, especially threats from outside the Play Store, it's still an important first layer of defense against harmful apps like Crocodilus. 7. Be skeptical of unfamiliar contacts or urgent messages: One of the newer tricks Crocodilus uses is modifying your contact list. It can add fake entries that look like customer service numbers or bank helplines. So, if you receive a call from "Bank Support," it might not be real. Always verify phone numbers through official websites or documents. The same applies to messages asking for personal details or urgent logins. When in doubt, do not respond or click any links. Contact your bank or service provider directly. Crocodilus is one of the most advanced Android banking Trojans seen so far. It spreads through social media ads, hides inside apps that look real and collects sensitive data like banking passwords and crypto seed phrases. It can also add fake contacts to your phone to trick you during scam calls. If you use Android, avoid downloading apps from links in ads or messages. Only install apps from trusted sources like the Google Play Store. Keep your phone updated, and be careful if something looks too good to be true because it probably is. Who should be held accountable when malware like Crocodilus spreads through platforms like Facebook? Let us know by writing to us at For more of my tech tips anbd security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels Answers to the most asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
Scottish Sun
04-06-2025
- General
- Scottish Sun
Urgent warning to all mobile users as crooks plant FAKE contacts for banks – they can even pretend to be mum and dad
Find out what to do to protect yourself below BREAK THE BANK Urgent warning to all mobile users as crooks plant FAKE contacts for banks – they can even pretend to be mum and dad Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) CRUEL cyber crooks have found a way to add fake contacts onto people's phones in an attempt to gain trust and empty bank accounts. Cyber security experts have warned that the scam is a "truly global threat". Sign up for Scottish Sun newsletter Sign up 1 Experts believe crooks use it to fake being bank support callers Credit: Getty The latest danger leads victims to believe they're being called by a trusted person such as their bank, when actually it's the scammers behind it. This means a "bank support" contact will appear on screen, leading targets to believe it's safe. In doing so, bad actors can pretend to be your bank and dupe you into giving access to your account. Technically, they could masquerade as anyone, such as loved ones or friends. Read more about Android FAT THUMBS Android owners warned of new Google Play Store apps that could cost you £5,000 It's all part of an evolved Android malware campaign known as Crocodilus. Hackers can only modify contact lists of those infected by it. "We believe the intent is to add a phone number under a convincing name such as 'Bank Support', allowing the attacker to call the victim while appearing legitimate," experts at Threat Fabric warned. "This could also bypass fraud prevention measures that flag unknown numbers." The cyber security firm first uncovered Crocodilus targeting people in Turkey in March. But now the company claims it has spread to other countries across the globe. Three little-known ways 'unknown tracker alerts' on Android can keep you safe "With newly added features, Crocodilus is now more adept at harvesting sensitive information and evading detection," Threat Fabric continues. "Notably, its campaigns are no longer regionally confined; the malware has extended its reach to new geographical areas, underscoring its transition into a truly global threat. "This shift not only broadens the potential impact but also suggests a more organised and adaptive threat actor behind its deployment. "As Crocodilus continues to evolve, organisations and users alike must stay vigilant and adopt proactive security measures to mitigate the risks posed by this increasingly sophisticated malware." How to stay safe As ever, money-grabbing malware of this kind usually comes from apps downloaded outside of the Google Play Store. So it's best to stick to apps from the official platform. It's also important to ensure you have Play Protect switched on as this will help pick up on suspicious activity.
The Sun
04-06-2025
- Health
- The Sun
Urgent warning to all mobile users as crooks plant FAKE contacts for banks – they can even pretend to be mum and dad
CRUEL cyber crooks have found a way to add fake contacts onto people's phones in an attempt to gain trust and empty bank accounts. Cyber security experts have warned that the scam is a "truly global threat". 1 The latest danger leads victims to believe they're being called by a trusted person such as their bank, when actually it's the scammers behind it. This means a "bank support" contact will appear on screen, leading targets to believe it's safe. In doing so, bad actors can pretend to be your bank and dupe you into giving access to your account. Technically, they could masquerade as anyone, such as loved ones or friends. It's all part of an evolved Android malware campaign known as Crocodilus. Hackers can only modify contact lists of those infected by it. "We believe the intent is to add a phone number under a convincing name such as 'Bank Support', allowing the attacker to call the victim while appearing legitimate," experts at Threat Fabric warned. "This could also bypass fraud prevention measures that flag unknown numbers." The cyber security firm first uncovered Crocodilus targeting people in Turkey in March. But now the company claims it has spread to other countries across the globe. "With newly added features, Crocodilus is now more adept at harvesting sensitive information and evading detection," Threat Fabric continues. "Notably, its campaigns are no longer regionally confined; the malware has extended its reach to new geographical areas, underscoring its transition into a truly global threat. "This shift not only broadens the potential impact but also suggests a more organised and adaptive threat actor behind its deployment. "As Crocodilus continues to evolve, organisations and users alike must stay vigilant and adopt proactive security measures to mitigate the risks posed by this increasingly sophisticated malware." How to stay safe As ever, money-grabbing malware of this kind usually comes from apps downloaded outside of the Google Play Store. So it's best to stick to apps from the official platform. It's also important to ensure you have Play Protect switched on as this will help pick up on suspicious activity.
The Irish Sun
04-06-2025
- Business
- The Irish Sun
Urgent warning to all mobile users as crooks plant FAKE contacts for banks – they can even pretend to be mum and dad
CRUEL cyber crooks have found a way to add fake contacts onto people's phones in an attempt to gain trust and empty bank accounts. Cyber security experts have warned that the scam is a "truly global threat". 1 Experts believe crooks use it to fake being bank support callers Credit: Getty The latest danger leads victims to believe they're being called by a trusted person such as their bank, when actually it's the scammers behind it. This means a "bank support" contact will appear on screen, leading targets to believe it's safe. In doing so, bad actors can pretend to be your bank and dupe you into giving access to your account. Technically, they could masquerade as anyone, such as loved ones or friends. Read more about Android It's all part of an evolved Hackers can only modify contact lists of those infected by it. "We believe the intent is to add a phone number under a convincing name such as 'Bank Support', allowing the attacker to call the victim while appearing legitimate," experts at Threat Fabric warned. "This could also bypass fraud prevention measures that flag unknown numbers." Most read in Tech The cyber security firm first uncovered Crocodilus targeting people in Turkey in March. But now the company claims it has spread to other countries across the globe. Three little-known ways 'unknown tracker alerts' on Android can keep you safe "With newly added features, Crocodilus is now more adept at harvesting sensitive information and evading detection," Threat Fabric continues. "Notably, its campaigns are no longer regionally confined; the malware has extended its reach to new geographical areas, underscoring its transition into a truly global threat. "This shift not only broadens the potential impact but also suggests a more organised and adaptive threat actor behind its deployment. "As Crocodilus continues to evolve, organisations and users alike must stay vigilant and adopt proactive security measures to mitigate the risks posed by this increasingly sophisticated malware." How to stay safe As ever, money-grabbing malware of this kind usually comes from apps downloaded outside of the Google Play Store. So it's best to stick to apps from the official platform. It's also important to ensure you have Must-know Android tips to boost your phone Get the most out of your Android smartphone with these little-known hacks:
Daily Mirror
04-06-2025
- General
- Daily Mirror
Android phone users told to 'stay vigilant' - ignoring new alert will be costly
Android users are, once again, being urged to stay alert and be careful before installing apps onto their phones. There's another new warning for those with Android phones in their pockets, and ignoring this latest alert could prove very costly. It appears cyber crooks are, once again, trying their luck at targeting Android phones and this time they are using an attack that's been branded "Crocodilus". This threat uses a clever tactic in a bid to steal money, and it could prove highly lucrative for the scammers and very damaging for those affected. According to the team at Threat Fabric, the worrying attack begins via adverts displayed on popular social media platforms. These pop-ups, which look highly convincing, encouraged users to download an app to claim prizes and financial incentives. However, once installed, the app then sets about infecting devices with Crocodilus, and one of the scariest features of this bug is its ability to add names and numbers to users' contact lists. "A key feature update is the ability to modify the contact list on an infected device," Threat Fabric explained. "We believe the intent is to add a phone number under a convincing name such as 'Bank Support', allowing the attacker to call the victim while appearing legitimate. This could also bypass fraud prevention measures that flag unknown numbers." It's a worrying scam that could leave users out of pocket if they drop their guard and aren't aware that their contacts have been tampered with. Threat Fabric is now urging all Android users to "stay vigilant". "The latest campaigns involving the Crocodilus Android banking Trojan signal a concerning evolution in both the malware's technical sophistication and its operational scope," the Threat Fabric team added. "As Crocodilus continues to evolve, organisations and users alike must stay vigilant and adopt proactive security measures to mitigate the risks posed by this increasingly sophisticated malware." One good piece of advice is to download apps only from official online marketplaces such as Google's Play Store. Before installing any software, it's also a good idea to check the developer and read the reviews as these will often give you a good idea of issues with the app before installing it.
