Crocodilus Mobile Malware: Evolving Fast, Going Global

SUMMARY :

A new Android banking Trojan, Crocodilus, has rapidly evolved since its discovery in March 2025. Initially targeting Turkey, it has expanded to European countries and South America. The malware is distributed through malicious advertising on social networks, masquerading as banking and e-commerce apps. Recent developments include improved obfuscation techniques, the ability to add contacts to the victim's device, and an enhanced seed phrase collector for cryptocurrency wallets. Campaigns have been observed targeting users in Poland, Spain, and multiple global locations. The malware's sophistication and expanding reach indicate a well-organized threat actor, posing an increasing risk to users and organizations worldwide.

OPENCTI LABELS :

social engineering,banking trojan,android,malvertising,cryptocurrency,crocodilus


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Crocodilus Mobile Malware: Evolving Fast, Going Global