crocodilus

ChainCatcher message, SlowMist has released a security alert that the Android banking Trojan "Crocodilus" has recently upgraded, leading to attacks targeting global cryptocurrency users and banking applications. The main threats include: spreading through fake browser updates in Facebook ads; using overlay attacks to steal login credentials; extracting cryptocurrency wallet recovery phrases and private keys; injecting fake "bank support" numbers into contact lists; malware as a service: available for rent (100-300 USD per attack). Users are reminded to avoid unknown app updates and ad links.

ChainCatcher message, researchers from the security company ThreatFabric stated that a new type of malware, Crocodilus, can steal Android users' wallet recovery phrases. This malware spreads through proprietary drivers and bypasses the security protections of Android 13 (and higher), and installing the malware does not trigger Play Protect.The malware overlays a fake warning on the screen, urging users to "back up the wallet recovery phrase in settings within 12 hours," or they may risk losing access to their wallet.