Android Trojan Crocodilus Steals Banking and Crypto Credentials
For all you Android fans out there, beware: there is a new Trojan stealing credentials.
Your banking and crypto credentials are at risk: the Crocodilus Trojan has been shown to bypass at least Android 13's restrictions, and it succeeds at stealing your information.
How it works
It leverages advanced device-takeover capabilities: a black screen overlay hides what it is doing while it unlocks the device, and it mutes sounds, so the victim notices nothing. It also supports remote control and advanced data harvesting through accessibility logging.
Digging deeper into Crocodilus
Once installed and launched, the app requests permission to use Android's accessibility services. It then contacts a remote server to receive further instructions, the list of financial applications to target, and the HTML overlays it will use to steal credentials. Because it runs continuously, it monitors app launches and displays overlays to intercept your credentials. The malware monitors all accessibility events and captures every element displayed on the screen, making whatever you do available to it.
Some of the important behaviors supported by the malware are listed below:
- Request Device Admin privileges
- Update C2 server settings
- Launch specified applications
- Post a push notification and get SMS messages
- Retrieve contact lists and send SMS messages to all or selected contacts while making itself the default SMS manager
- Get a list of installed applications
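The two footholds described above, an accessibility service the user never meant to enable and a silent change of the default SMS app, are both visible in device settings, so a defender can check for them. This is an added triage example, not code from the original post or from any vendor report: it parses the output of the stock `adb shell settings get secure` command for the `enabled_accessibility_services` and `sms_default_application` keys (the latter assumed still readable on newer Android, where the role manager is authoritative) and flags packages not on a known-good allowlist. The sample output and the package name com.example.suspect are constructed.

```python
import subprocess
import sys
from typing import Iterable, List, Optional, Tuple

# Settings.Secure stores enabled services as colon-separated flattened
# ComponentNames, e.g. "pkg/pkg.Service:pkg2/.RelativeService".
ACCESSIBILITY_CMD = ["adb", "shell", "settings", "get", "secure",
                     "enabled_accessibility_services"]
SMS_CMD = ["adb", "shell", "settings", "get", "secure", "sms_default_application"]

def parse_accessibility_services(raw: str) -> List[Tuple[str, str]]:
    """Turn the raw setting value into (package, fully qualified class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset on a clean device
        return []
    pairs = []
    for entry in raw.split(":"):
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):           # shorthand class relative to the package
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs

def unexpected_services(pairs, allowlist: Iterable[str]) -> List[Tuple[str, str]]:
    """Return enabled services whose package is not on the allowlist."""
    allowed = set(allowlist)
    return [p for p in pairs if p[0] not in allowed]

def unexpected_sms_handler(raw: str, allowlist: Iterable[str]) -> Optional[str]:
    """Return the default SMS package if it is not an expected one, else None."""
    pkg = raw.strip()
    return None if pkg in set(allowlist) or pkg in ("", "null") else pkg

def adb(cmd: List[str]) -> str:
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

# Constructed sample output standing in for a real device, so the check runs offline.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.suspect/.AccessService")
SAMPLE_SMS = "com.example.suspect"
KNOWN_A11Y = {"com.google.android.marvin.talkback"}   # TalkBack, the stock screen reader
KNOWN_SMS = {"com.google.android.apps.messaging", "com.android.messaging"}

if __name__ == "__main__":
    live = "--live" in sys.argv               # pass --live to query a connected device
    a11y = adb(ACCESSIBILITY_CMD) if live else SAMPLE_A11Y
    sms = adb(SMS_CMD) if live else SAMPLE_SMS
    for pkg, cls in unexpected_services(parse_accessibility_services(a11y), KNOWN_A11Y):
        print(f"[!] unexpected accessibility service: {pkg} ({cls})")
    if (bad := unexpected_sms_handler(sms, KNOWN_SMS)):
        print(f"[!] unexpected default SMS app: {bad}")
```

Run with `--live` against a USB-debugging device to check real settings; a hit is a lead for triage, not proof of infection, since legitimate accessibility apps and SMS clients also appear here.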
Summary
The Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level of modern malware. Stay alert!
Credits: Thehackernews.com for the blog image. ALL RIGHTS REMAIN.