New ‘Crocodilus’ Android Malware Steals Sensitive Crypto Wallet Credentials: Research

A new “highly capable” mobile banking malware dubbed “Crocodilus” targets Android devices, stealing sensitive crypto wallet credentials using social engineering tactics.
Recent research by cybersecurity firm Threat Fabric documents the emergence of a new malware family, Crocodilus. The malware is reportedly distributed through a proprietary dropper that bypasses Android 13+ restrictions.
“Despite being new, it already includes all the necessary features of modern banking malware: overlay attacks, keylogging, remote access, and ‘hidden’ remote control capabilities,” analysts noted.
Sophisticated Android malware designed to steal cryptocurrency private keys isn’t new. In October 2024, the FBI issued a warning about a similar malware called SpyAgent, which was linked to North Korean hackers.
However, what differs in the new mobile banking Trojan Crocodilus is the “device takeover and advanced credential theft,” Threat Fabric wrote on X.
Crocodilus Displays Overlays to Target Banks and Cryptos
Crocodilus follows a modus operandi similar to that of modern “Device Takeover” banking Trojans, analysts noted. After initial installation via a proprietary dropper, the malware asks the user to enable the “Accessibility Service”, they added.
To intercept credentials, Crocodilus connects to its command-and-control (C2) server for instructions, such as which overlays to use.
The threat initially appeared in Spain and Turkey, targeting several crypto wallets, the Mobile Threat Intelligence team revealed.
“We expect this scope to broaden globally as the malware evolves,” the team noted.
Additionally, two-factor authentication (2FA) is bypassed by the malware using a RAT command that triggers a screen capture of the content of the Google Authenticator application. Crocodilus captures the code displayed on screen in the Google Authenticator app and sends it to the C2.
Malware Instructs Victims to Do the Job
Unlike other Trojans, Crocodilus overlays target crypto wallets by asking victims to back up their wallet keys.
“Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet,” the overlay text reads.
This social engineering trick guides victims to navigate to their seed phrase. This in turn allows Crocodilus to extract the text using its Accessibility Logger.
“With this information, attackers can seize full control of the wallet and drain it completely,” Threat Fabric analysts said.
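The foothold described above is an enabled Accessibility Service, and both the overlay targeting and the Accessibility Logger depend on it. A useful triage check on a suspect Android device is therefore to list which accessibility services are actually enabled and flag any that are not on a known-good list. The script below is an added example written for this article; it is not code from Threat Fabric or the original post. It assumes `adb` is available for live use, the allowlist entries are placeholders you would replace with your own fleet's approved packages, and the sample setting value is constructed so the check can run offline.

```shell
#!/bin/sh
# Added example (not from the article or Threat Fabric): triage check for enabled
# Android accessibility services, the permission Crocodilus asks the victim to grant.

# Known-good accessibility services for this fleet. Placeholder names, not real IoCs;
# the first is the package name used by Google's TalkBack screen reader.
ALLOWLIST="com.google.android.marvin.talkback com.example.corp.mdm"

# Flags each enabled accessibility service whose package is not in ALLOWLIST.
# Input: the raw value of the secure setting "enabled_accessibility_services",
#        a colon-separated list of "package/service-class" entries.
# Output: one line per unexpected service on stdout.
# Returns 0 when every enabled service is allowlisted (or none is enabled), else 1.
check_accessibility_services() {
    # adb output may carry a trailing carriage return; strip it before parsing.
    raw=$(printf '%s' "$1" | tr -d '\r')
    found=0
    # "null" is what `settings get` prints when the setting has never been written.
    if [ -z "$raw" ] || [ "$raw" = "null" ]; then
        return 0
    fi
    old_ifs=$IFS
    IFS=':'
    for entry in $raw; do
        pkg=${entry%%/*}            # package name is everything before the first slash
        case " $ALLOWLIST " in
            *" $pkg "*) ;;          # known-good service, nothing to report
            *) echo "UNEXPECTED accessibility service: $entry"; found=1 ;;
        esac
    done
    IFS=$old_ifs
    return $found
}

# Live use on a connected device (requires adb and a device with USB debugging on):
#   check_accessibility_services "$(adb shell settings get secure enabled_accessibility_services)"

# Offline demonstration on a constructed setting value: one legitimate screen reader
# plus a made-up service name standing in for an unexpected app.
SAMPLE='com.google.android.marvin.talkback/.TalkBackService:com.fake.updater/.OverlayService'
check_accessibility_services "$SAMPLE" || echo "review the flagged service(s) before trusting this device"
```

An unexpected entry is not proof of infection on its own, since legitimate automation and assistive apps also register accessibility services, but it narrows the investigation to the one permission this family needs for overlays, keylogging and seed-phrase capture. Running the same check across a fleet and diffing against the allowlist turns it into a simple detection.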
The post New ‘Crocodilus’ Android Malware Steals Sensitive Crypto Wallet Credentials: Research appeared first on Cryptonews.
South Korean court jails three crypto scammers for $416K fraud scheme

Three people received prison sentences from a South Korean court for orchestrating an investment scheme that defrauded victims of around 610 million Korean won (approximately $416,000).
Busan District Court Criminal Division 6 convicted the defendants of breaching the Act on the Aggravated Punishment of Specific Economic Crimes.
Busan crypto scammers deceived investors with false promises
The three men ran an illicit crypto investment operation from a building in Busan in June 2019, deceiving investors by promising to “select and trade around 1,000 quality coins (virtual currencies) from around the world.” They promised investors monthly returns equivalent to 30% of their initial investments.
The investment scammers used a proprietary trading algorithm they claimed would yield profits by exploiting market fluctuations. There was no such algorithm, and the funds raised were diverted for personal spending. In total, they defrauded the investors of 610 million won.
The court sentenced the ringleader to four and a half years in prison. The other two, who remain unnamed for legal reasons, received three and a half years and two years and six months respectively.
While delivering the verdict, the presiding judge said the defendants took advantage of the public’s interest in cryptocurrency investment opportunities to defraud and deceive innocent investors.
According to the judge, that type of behavior erodes trust in the financial system and deserves harsh punishment.
The case underscores South Korean authorities’ growing scrutiny of crypto-related crimes. The country has introduced stricter regulations and oversight to safeguard investors and uphold market integrity in the past few years.
According to legal experts, the ruling sends a message to would-be criminals that fraud is a serious offense in the world of crypto.
South Korea’s crypto boom sparks tighter fraud crackdown
As per recent data submitted to Rep. Cha Gyu-geun of the Rebuilding Korea Party, South Korea’s cryptocurrency investors reached 16.29 million in February.
This figure represents nearly 32% of the country’s population. The data, compiled from accounts at the country’s top five domestic virtual asset exchanges – Upbit, Bithumb, Coinone, Korbit, and Gopax – shows consistent growth throughout 2024.
The number of crypto investors first surpassed 14 million in March 2024. Following Donald Trump’s election as U.S. President in November, another 500,000 people entered the market, pushing the total beyond 15 million.
In a recent report, 20% of South Korean public officials who submitted asset declarations reported owning cryptocurrency. Of 2,047 officials who filed declarations, 411 disclosed direct cryptocurrency holdings or investments.
As virtual asset-related crime methods become more sophisticated, intelligent, and international, establishing an effective crime response system through close cooperation with relevant organizations has become necessary.
Last month, the Seoul Southern District Prosecutors’ Office established a formal joint investigation unit that exclusively investigates crypto-related crimes and fraud cases.
According to a report by Aju News, the department is named the Seoul Southern District Prosecutors’ Office-run Joint Investigation Unit or JIU for Virtual Asset Crimes.
The unit will include 35 full-time employees with experience dealing with crypto crimes in South Korea, mainly prosecutors and financial regulators from the Financial Services Commission and the Financial Supervisory Service. It will be led by Chief Prosecutor Park and two deputy chief prosecutors.
The body was originally formed as a temporary task force in 2023 to handle the spike in crypto-related fraud cases. However, as the number of cases has only increased significantly in South Korea in the past two years, alongside the rise of crypto adoption in the country, the District Prosecutors’ Office decided to transform the task force into a formal joint investigation department.