Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that is primarily designed to target users in Spain and Turkey.
“Crocodilus goes on stage not as a simple clone, but as a full threat from the beginning, equipped with modern – Note.
As with other banking trojans of its kind, the malware is designed to facilitate device takeover (DTO) and ultimately conduct fraudulent transactions. Analysis of the source code and debug messages shows that the malware's author is Turkish.
The Crocodilus artifacts analyzed by the Dutch mobile security company masquerade as Google Chrome (package name: “Quizzical.washbowl.Calamity”) and act as a dropper capable of bypassing Android 13+ restrictions.
Once installed and launched, the app requests permission for Android's accessibility services, after which it contacts a remote server to receive further instructions, the list of financial applications to be targeted, and the HTML overlays that will be used to steal credentials.
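A defender can check for the two behaviours just described: an app holding an accessibility service it has no reason to hold, and an app labelled as Chrome whose package is not the genuine one. The following is an added example, not code from the original report. It parses the value printed by `adb shell settings get secure enabled_accessibility_services`; the sample value, the label inventory, the allowlist and the `com.example.fakebrowser` package are constructed for illustration.

```python
# Added example: audit enabled accessibility services on an Android device.
# The setting is a colon-separated list of "package/service-class" components,
# or the literal string "null" when no service is enabled.

# Assumption: labels an organisation wants to protect, mapped to the real package.
GENUINE_PACKAGE = {"chrome": "com.android.chrome"}

# Constructed sample data (not taken from a real device or from the report).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakebrowser/.HelperService"
)
SAMPLE_LABELS = {
    "com.google.android.marvin.talkback": "TalkBack",
    "com.example.fakebrowser": "Chrome",
}
SAMPLE_ALLOWLIST = {"com.google.android.marvin.talkback"}


def parse_enabled_services(setting_value):
    """Return (package, service_class) pairs from the raw setting string."""
    services = []
    for component in setting_value.strip().split(":"):
        if not component or component == "null":
            continue
        package, _, cls = component.partition("/")
        if cls.startswith("."):  # ".Foo" is shorthand for "<package>.Foo"
            cls = package + cls
        services.append((package, cls))
    return services


def audit(setting_value, app_labels, allowlist):
    """Flag accessibility services that impersonate a known app or are unapproved."""
    findings = []
    for package, _cls in parse_enabled_services(setting_value):
        label = app_labels.get(package, "").strip().lower()
        genuine = GENUINE_PACKAGE.get(label)
        if genuine is not None and genuine != package:
            findings.append((package, "label-mismatch"))
        elif package not in allowlist:
            findings.append((package, "unapproved-accessibility-service"))
    return findings


if __name__ == "__main__":
    for package, reason in audit(SAMPLE_SETTING, SAMPLE_LABELS, SAMPLE_ALLOWLIST):
        print(f"{package}: {reason}")
```
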
Crocodilus is also capable of targeting cryptocurrency wallets with an overlay that, instead of serving a fake login page to capture login information, shows a warning message urging victims to back up their seed phrases for 12, or else risk losing access to their wallets.
This social engineering trick is nothing but a ploy to guide victims to navigate to their seed phrases, which are then harvested through abuse of the accessibility services, allowing the attackers to gain full control of the wallets and drain the assets.
“It works constantly, monitoring applications launching and displaying copies of accounting,” Opherfabric said. “Malicious software tracks all affordability events and fixes all the elements that are displayed on the screen.”
This allows the malware to log all activities performed on the screen, as well as capture the content of Google Authenticator.
Another feature of Crocodilus is its ability to conceal its malicious actions on the device by displaying a black screen overlay and muting sounds, which ensures that they go unnoticed by the victims.
Some of the important features supported by the malware are listed below:
- Launch a specified app
- Remove itself from the device
- Post a push notification
- Send SMS messages to all/select contacts
- Get contact lists
- Get a list of installed applications
- Get SMS messages
- Request device administrator privileges
- Enable the black overlay
- Update the C2 server settings
- Enable/disable sound
- Enable/disable keyboard
- Make itself the default SMS manager
“The occurrence of a Trojan mobile banking Crocodilus means a significant escalation at the level of sophistication and threat that presents modern malicious software,” said Opherfabric.
“Thanks to the advanced device capabilities, remote controls, and the deployment of black attacks from the earliest iterations, Crocodilus demonstrates maturity in recent threats.”
The development comes as Forcepoint disclosed details of phishing involving the Grandoreiro banking trojan, which targets Windows users in Mexico, Argentina and Spain with the help of an obfuscated Visual Basic script.