Widely known cryptocurrency wallets, as well as banks in Spain and Turkey, have already been targeted in attacks involving the novel and sophisticated Crocodilus Android trojan, which combines bot and remote access trojan capabilities to facilitate banking and cryptocurrency credential compromise, according to Security Affairs.

Aside from leveraging a dropper to evade restrictions on devices running Android 13 and newer versions, Crocodilus, which is believed to have been crafted by Turkish-speaking threat actors, features call and SMS control, overlay attacks, device admin and persistence, social engineering, and remote command and settings update capabilities, as well as screen interaction and control, a concealed RAT mode, Google Authenticator OTP code exfiltration, and camera activation, a report from ThreatFabric revealed. "With its advanced Device-Takeover capabilities, remote control features, and the deployment of black overlay attacks from its earliest iterations, Crocodilus demonstrates a level of maturity uncommon in newly discovered threats," said ThreatFabric researchers.