Crocodilus Mobile Malware: Evolving Fast, Going Global

June 3, 2025, 9:14 p.m.

Description

A new Android banking Trojan, Crocodilus, has rapidly evolved since its discovery in March 2025. Initially targeting Turkey, it has expanded to European countries and South America. The malware is distributed through malicious advertising on social networks, masquerading as banking and e-commerce apps. Recent developments include improved obfuscation techniques, the ability to add contacts to the victim's device, and an enhanced seed phrase collector for cryptocurrency wallets. Campaigns have been observed targeting users in Poland, Spain, and multiple global locations. The malware's sophistication and expanding reach indicate a well-organized threat actor, posing an increasing risk to users and organizations worldwide.

External References

https://www.threatfabric.com/blogs/crocodilus-mobile-malware-evolving-fast-going-global
https://otx.alienvault.com/pulse/683f4a2ab8c66d9df10523fc
Tags
social engineering
android
malvertising
cryptocurrency
banking trojan
2025-06-03
crocodilus

Date

  • Created: June 3, 2025, 7:16 p.m.
  • Published: June 3, 2025, 7:16 p.m.
  • Modified: June 3, 2025, 9:14 p.m.

Indicators

  • fb046b7d0e385ba7ad15b766086cd48b4b099e612d8dd0a460da2385dd31e09e
  • 6d55d90d021b0980528f56d040e78fa7b85a96f5c244e23f330f24c8e80c1cb2
  • rentvillcr.online
  • rentvillcr.homes
Download all indicators here!

Attack Patterns

  • Crocodilus

Additional Informations

  • Finance
  • British Indian Ocean Territory
  • India
  • Argentina
  • Poland
  • Spain
  • Indonesia
  • Brazil
  • United States of America