- The Crocodilus Android Trojan has been updated with new features
- Among them is the ability to add a fake contact, encouraging people to accept calls
- The contacts do not sync with Google, the experts say
Security researchers have identified a new variant of the Android malware called Crocodilus. What distinguishes it is its ability to add new contacts to the target device's contact list.
Crocodilus was first spotted at the end of March 2025 by security researchers at ThreatFabric, who described it as a “very permanent mobile banking Trojan” that uses techniques such as overlay attacks, keylogging and abuse of Android accessibility services to steal sensitive data, access people's bank accounts, and steal cryptocurrency.
Now the researchers say the Trojan is evolving to bypass conventional defense mechanisms and become even more damaging. One of the main features introduced is the ability to modify the contact list on an infected device.
Bank support
“By receiving the ‘TR9MMRHBCRO’ command, Crocodilus adds a specified contact to the victim’s contact list,” ThreatFabric said.
The objective of this functionality is not only to increase the attacker's control over the device, but also to make attacks more difficult to detect.
“We believe that the intention is to add a telephone number under a convincing name such as ‘banking support’, allowing the attacker to call the victim while appearing legitimate,” said the researchers. “This could also bypass fraud prevention measures which report unknown numbers.”
The good news is that the fake contact will not be added to people's Google accounts, so it will not appear on their other devices.
Many other improvements have also been introduced in the latest version, which focus mainly on evading traditional detection mechanisms. In addition, the malware now seems to have widened its targeting, from focusing mainly on Turkey to going global.
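Because the injected contact is not tied to a Google account, one way to audit a device is to list raw contacts and look for local-only entries with bank-style names. The following is an added example, not code from ThreatFabric or the original article; it assumes the output format of `adb shell content query` on the contacts provider, and the keyword list and sample rows are constructed for illustration.

```python
import re

# Constructed sample of output from (run against a device you administer):
#   adb shell content query --uri content://com.android.contacts/raw_contacts \
#       --projection _id:account_type:display_name
SAMPLE = """\
Row: 0 _id=1, account_type=com.google, display_name=Alice Example
Row: 1 _id=2, account_type=NULL, display_name=Bank Support
Row: 2 _id=3, account_type=com.google, display_name=Bank Support, Main St
Row: 3 _id=4, account_type=NULL, display_name=Bob Example
"""

GOOGLE_ACCOUNT = "com.google"
# Hypothetical keyword list (an assumption); tune it to the names your users' banks use.
SUSPICIOUS_NAME = re.compile(r"\b(bank|banking|support|fraud|security)\b", re.I)


def parse_rows(text):
    """Turn 'Row: N key=value, key=value' lines into dicts."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"Row: \d+ (.*)$", line.strip())
        if not m:
            continue
        # Split only on ", " that is followed by "key=", so commas inside
        # a display name do not break the record apart.
        fields = re.split(r", (?=\w+=)", m.group(1))
        rows.append(dict(f.split("=", 1) for f in fields))
    return rows


def flag_contacts(text):
    """Return (_id, display_name) for contacts that are not synced to a
    Google account and whose name matches a bank-style keyword."""
    flagged = []
    for row in parse_rows(text):
        local_only = row.get("account_type", "NULL") != GOOGLE_ACCOUNT
        name = row.get("display_name", "")
        if local_only and SUSPICIOUS_NAME.search(name):
            flagged.append((row["_id"], name))
    return flagged


if __name__ == "__main__":
    for contact_id, name in flag_contacts(SAMPLE):
        print(f"review raw contact {contact_id}: {name!r} (not Google-synced)")
```

A hit is only a prompt for review: legitimate contacts stored locally or under another vendor's account type will also show up as not Google-synced.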
Android malware and Trojans are generally distributed through fake and third-party application stores, social networks and emails.
Users are therefore advised to download Android applications only from reputable sources (such as the Google Play Store or Galaxy Store), and to be careful even there. Reading reviews and checking the number of downloads and the developer’s reputation is a good way to identify malware.
Via BleepingComputer