According to PANews, the Crocodilus Android banking trojan has recently undergone an upgrade, leading to widespread attacks on cryptocurrency users and banking clients worldwide. Security firm ThreatFabric has found that the malware, initially confined to Turkey, has now spread to countries including Poland, Spain, and Argentina. The latest variant of Crocodilus can disguise itself as a browser update through Facebook ads, and it uses overlay attacks to steal login credentials from banking and cryptocurrency applications.
The trojan has added new features, such as automatically extracting mnemonic phrases and private keys from cryptocurrency wallets. It can also alter victims' contact lists by inserting fake 'bank support' numbers. Attackers can now rent tools to steal cryptocurrency, with costs ranging from 100 to 300 USDT per incident. Security experts advise users to be cautious of application updates and advertisement links from unknown sources.