Crocodilus malware

[_act_]

The malware is said to affect users in Spain and Turkey but it is good for people to know about it. It can target your bank app, crypto wallets and have access to information on your device.

It can know what you typed that displayed on the screen. It is said to even be an advanced keylogger, revealing your authenticator OTP. It will deceive you into providing your wallet seed phrase and many more.

It is good to read more about it:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

[Mia Chloe]

The malware is said to affect users in Spain and Turkey but it is good for people to know about it. It can target your bank app, crypto wallets and have access to information on your device.
It can know what you typed that displayed on the screen. It is said to even be an advanced keylogger, revealing your authenticator OTP. It will deceive you into providing your wallet seed phrase and many more.
It is good to read more about it:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

Before I even read through the entire post first thing that popped up in my mind was this could be another form of modded keylogger malware and it turned out to be true. I have a friend into cyber security and he some time ago showed me how these keylogger works.

All I can say is you just have to be really careful. What keyloggers do is clone your keyboards some even add time stamps making it easier for the hacker to trace everything. Fact is if a keylogger is booted into your device you could be toast since they are pretty difficult to notice.

[EluguHcman]

The malware is said to affect users in Spain and Turkey but it is good for people to know about it. It can target your bank app, crypto wallets and have access to information on your device.

It can know what you typed that displayed on the screen. It is said to even be an advanced keylogger, revealing your authenticator OTP. It will deceive you into providing your wallet seed phrase and many more.

It is good to read more about it:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

Men.... That is really explosive and i have not come across a sophisticated and terrorizing malware program as this if really it does execute these threats as said.

Although I tried several times clicking on the link for more reading as it would do crypto wallet holders, bank account holders and all that is of target to be well known about how this malwares operates so as to stay more concious not to become victim because revealed malicious programs like this provides better security conciousness when you are of a potential target.

[DYING_S0UL]

Yet another type of keylogger trojan. This is exactly why we shouldn't download random things from the internet, not install unknown apps, or give permission to sites that we are unawares of. What's more concerning is that this trojan is making users type in their wallet seeds. Nobody types in their seed phrases that frequently, we are aware of that, but a newbie might easily fall victim to it, if they were shown this message or they weren't careful enough or didn't knew how crypto works...

[Patikno]

The malware is said to affect users in Spain and Turkey but it is good for people to know about it. It can target your bank app, crypto wallets and have access to information on your device.

It can know what you typed that displayed on the screen. It is said to even be an advanced keylogger, revealing your authenticator OTP. It will deceive you into providing your wallet seed phrase and many more.

It is good to read more about it:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

It is very scary if we become victims of this Malware. It is said that the Malware asks for access to be enabled and once given permission it will be able to monitor and control our devices by targeting existing applications to steal. Therefore I think we need to be aware to be careful about giving any access to our devices, and besides that I think there needs to be additional security for our devices by installing several antivirus applications that are certainly trusted and really often update against threats, so that it can prevent us from unwanted attacks.

[Dread Pirate Roberts]

The malware is said to affect users in Spain and Turkey but it is good for people to know about it. It can target your bank app, crypto wallets and have access to information on your device.

It can know what you typed that displayed on the screen. It is said to even be an advanced keylogger, revealing your authenticator OTP. It will deceive you into providing your wallet seed phrase and many more.

It is good to read more about it:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

im really aware about this in the last few months . in some hacker forum they talk about this, more like a rat tools but now on smartphone . I can tell these sophisticated banking trojans are becoming increasingly dangerous.
=

[tabas]

This is one of the dangerous out there if someone contains it. So, for summary on what it can do, here's a snippet;

[...]Crocodilus which is believed to have been crafted by Turkish-speaking threat actors features call and SMS control, overlay attack, device admin and persistence, social engineering, and remote commands and settings update capabilities, as well as screen interaction and control, concealed RAT mode, Google Authenticator OTP code exfiltration, and camera activation features, a report from ThreatFabric revealed. "With its advanced Device-Takeover capabilities, remote control features, and the deployment of black overlay attacks from its earliest iterations, Crocodilus demonstrates a level of maturity uncommon in newly discovered threats," said ThreatFabric researchers.

It can easily target those victims if they are not aware of its existence or any kind of malware that they might encounter. It activates a lot of features from someone's phone if ever they're able to infiltrate the victim's device successfully.

[Obim34]

The malware is said to affect users in Spain and Turkey but it is good for people to know about it. It can target your bank app, crypto wallets and have access to information on your device.

It can know what you typed that displayed on the screen. It is said to even be an advanced keylogger, revealing your authenticator OTP. It will deceive you into providing your wallet seed phrase and many more.

It is good to read more about it:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

It is very scary if we become victims of this Malware. It is said that the Malware asks for access to be enabled and once given permission it will be able to monitor and control our devices by targeting existing applications to steal. Therefore I think we need to be aware to be careful about giving any access to our devices, and besides that I think there needs to be additional security for our devices by installing several antivirus applications that are certainly trusted and really often update against threats, so that it can prevent us from unwanted attacks.

That's a pattern malware can infiltrate devices, sometimes we do give them permission from our end.

Malware disasters are not something new for anyone who has been prioritizing security and privacy when dealing with sites and applications signed into.

Having antivirus will not save you from all attacks, i prefer just being conscious of what i browse, unsolicited patch files that come through my emails or SMS, i have received a few some time ago but i don't allow my inquisitiveness drive me towards downloading and opening such messages.

[Queentoshi]

The malware is said to affect users in Spain and Turkey but it is good for people to know about it. It can target your bank app, crypto wallets and have access to information on your device.

It can know what you typed that displayed on the screen. It is said to even be an advanced keylogger, revealing your authenticator OTP. It will deceive you into providing your wallet seed phrase and many more.

It is good to read more about it:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

Thank you for the timely information because although it is said that it's only currently affecting users in Spain and Turkey, how long before the developers of this malware decide to extend their reach to other countries.
 A threat that is capable of victimizing any crypto investor in another region should be a threat that you should also consider serious to be cautious off, doing so contributes also to you being a smart investor.

[Mrbluntzy]

I was going to post about this topic yesterday but was too busy, I saw the notification yesterday morning from chrome notification, "protect yourself against this new malware" What surprises me is that the malware can collect victims detailes through an overlay screen that will warn the app user to reactive or back up their information so that they don't lose complete access from the app, on the process of doing that, the malware will extract your password, transaction pin, seed  phrase of what ever important information.

This is really something to look out for, so that we don't become victim. I read about it from this news yesterday. www.bleepingcomputer.com/news/security/new-crocodilus-malware-steals-android-users-crypto-wallet-keys/amp/

[DYING_S0UL]

It is very scary if we become victims of this Malware. It is said that the Malware asks for access to be enabled and once given permission it will be able to monitor and control our devices by targeting existing applications to steal. Therefore I think we need to be aware to be careful about giving any access to our devices, and besides that I think there needs to be additional security for our devices by installing several antivirus applications that are certainly trusted and really often update against threats, so that it can prevent us from unwanted attacks.

That's a pattern malware can infiltrate devices, sometimes we do give them permission from our end.

Malware disasters are not something new for anyone who has been prioritizing security and privacy when dealing with sites and applications signed into.

Having antivirus will not save you from all attacks, i prefer just being conscious of what i browse, unsolicited patch files that come through my emails or SMS, i have received a few some time ago but i don't allow my inquisitiveness drive me towards downloading and opening such messages.

These viruses, malware, and trojans are evolving day by day. So having an antivirus won't be enough. Not to mention several antivirus companies like Avast, McAfee, and Kaspersky have faced many controversies in the past. So I wouldn't trust them to be 100% reliable! Who knows, they might be selling my personal data behind my back! Anyway, like you said, being self conscious should be the first approach, to make oneself aware of "do's" and "don'ts."

Lastly, no matter what we do or how many security procedures we follow, at the end of the day, one mistake and everything could be gone. So it's better to just store your private and financial information on a separate device without an internet connection. Because as long as you're connected to the internet, you are vulnerable to attack. I'm telling this from experience (two times ransomware attacks and one time clipboard virus attack victim, lol). P.s, nothing was lost.

[hugeblack]

I read the article, so Trojan still needs to be installed and granted the appropriate permissions.

Tips such as using a separate phone for two-factor authentication, a cold storage wallet, avoiding typing a wallet seed (many well-programmed wallets give you options as soon as you type the first letter), and monitoring network activity are all steps that will reduce the likelihood of such attacks succeeding, in addition to avoiding downloading random apps.

[Charles-Tim]

It can easily target those victims if they are not aware of its existence or any kind of malware that they might encounter. It activates a lot of features from someone's phone if ever they're able to infiltrate the victim's device successfully.

It can be a new malware but the old ways to avoid malware is also enough to avoid it. Malware are very easy to avoid but people's negligence has been the reason they are downloading malware.

Another thing about this malware is that you need to grant it access before it can work. I mean the accessibility permission. It is good to learn how to avoid malware. There are introduction of new malware but same old ways are easy to avoid them.

[348Judah]

The malware is said to affect users in Spain and Turkey but it is good for people to know about it. It can target your bank app, crypto wallets and have access to information on your device.

Malware is a gradual eater of and comes in disguise when we least expected, that is why we should exercise more caution on sites being visited and things we randomly download online, because they are part of the entry routes through which we fall under this attack, its now being observed that scammers are using many techniques towards releasing various attempt to introduce this form of an attack to us, while we have to stay being informed in other not to be attacked at any cause.

[Davidvictorson]

Of all of the things I read on the article about this malware, this last sentence the most chilling part

Courtesy of built-in remote access capabilities, the trojan allows operators to use stolen credentials and other information to take full control of the infected device and perform fraudulent transactions on the victim’s behalf.

So the victim can just one day be arrested at the airport by security agents because they were alledgely involved in some fraudulent activity which they had no knowledge about because it was performed by operator of this malware. We have to be very careful now.

[Porfirii]

I live in Spain and this is the first news I've read about this trojan, so thank you _act_! The positive part is that it seems to only affect android devices (did I understand correctly?), although considering the millions of users it is not a minor evil.

Keyloggers are old, but attacks are becoming more sophisticated at an accelerated pace, and there is no sign that this will change. Keep your seeds safe and offline, guys!

[tabas]

It can easily target those victims if they are not aware of its existence or any kind of malware that they might encounter. It activates a lot of features from someone's phone if ever they're able to infiltrate the victim's device successfully.

It can be a new malware but the old ways to avoid malware is also enough to avoid it. Malware are very easy to avoid but people's negligence has been the reason they are downloading malware.

Another thing about this malware is that you need to grant it access before it can work. I mean the accessibility permission. It is good to learn how to avoid malware. There are introduction of new malware but same old ways are easy to avoid them.

You're right, someone's negligence are always the reason why they are affected and infected by these malware. If they know how to take care of themselves, they won't even have the guts to download it randomly. So, the only protection is to allow it to get an approval and most likely, this kind of malware is only going to be activated if someone is too ignorant that just keeps on agreeing/approving the permission to run on the device.

[CryptSafe]

I live in Spain and this is the first news I've read about this trojan, so thank you _act_! The positive part is that it seems to only affect android devices (did I understand correctly?), although considering the millions of users it is not a minor evil.

Keyloggers are old, but attacks are becoming more sophisticated at an accelerated pace, and there is no sign that this will change. Keep your seeds safe and offline, guys!

Obviously, I do not think the trojan is only for Android users as it likely affects Apple and others as well. There have been lots of malware released by hackers who are desperate to get at people, but I just believe the safety of our assets lies in our hands and how we interact with online activities and engagements. Moreover, if we avoid unnecessary sites and links, we would not be a victim of these hackers. Avoid downloading apps and software you have no idea about and do not take because of recommendation to do what you have no knowledge about. Do a proper research before engaging with anything that would make you download or click a link to fill anyform online.

[_act_]

Obviously, I do not think the trojan is only for Android users as it likely affects Apple and others as well.

The people that detected the malware said it is for Android devices. They did not mention that it is also designed for other operative system.

But there are Trojans that can be designed for other operative systems. We really need to be very careful regardless of the operating system that we are using.

[Forsyth Jones]

Before I even read through the entire post first thing that popped up in my mind was this could be another form of modded keylogger malware and it turned out to be true. I have a friend into cyber security and he some time ago showed me how these keylogger works.
...

Many users install unnecessary apps such as document scanners, and many applications such as flashlights come pre-installed, which is why many laymen accidentally infect themselves by installing any apps they see. The same goes for apps that change the appearance of the keyboard, most of which come with built-in malware.

And what's more, a virtual keyboard doesn't reduce the risk, since it captures screen captures and even otp data of auths apps.

It is very scary if we become victims of this Malware. It is said that the Malware asks for access to be enabled and once given permission it will be able to monitor and control our devices by targeting existing applications to steal. Therefore I think we need to be aware to be careful about giving any access to our devices, and besides that I think there needs to be additional security for our devices by installing several antivirus applications that are certainly trusted and really often update against threats, so that it can prevent us from unwanted attacks.

Exactly, you need to be careful with permissions, like, why would a keyboard app ask for permission from your contact list?

I don't have any antivirus installed, nowadays they are a waste of time and malware is increasingly advancing to avoid being detected by paid AV.

If you follow good security practices, install apps from the platform's official stores, verify the source of the app and don't execute any data sent by third parties via messengers, I'm sure you'll be fine.

Even so, it's important to keep the minimum amount of ₿/Crypto in mobile wallets, since there are silent malware that may already be in possession of the user's wallet and just waiting for the right moment to drain all the funds at once. Therefore, store your seedphrase offline in a safe place, create a strong enough password/PIN and leave most of the funds in a hardware wallet or on an air-gapped device.