Android malware ‘Crocodilus’ can take over phones to steal crypto

Cybersecurity firm Threat Fabric said it found a new family of mobile-device malware that can launch a fake overlay for certain apps to deceive Android users into providing their crypto seed phrases while it stays on the device.
Threat Fabric analysts said in a March 2 report that the overlay warns users to back up their crypto wallet key by a certain deadline or risk losing access.
“When a victim provides a password from the application, the overlay will display a message: Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet,” said Threat Fabric.
“This social engineering trick guides the victim to navigate to their key phrase, allowing Crocodilus to harvest the text with its accessibility logger.”
Once the threat actors have a seed phrase, they can seize complete control of the wallet and “drain it.”
Threat Fabric said that despite being new malware, Crocodilus has all the features of modern banking malware, with overlay attacks, advanced data harvesting by capturing on-screen information such as passwords, and remote access to take control of the infected device.
Initial infection occurs by inadvertently downloading the malware inside other software that bypasses Android 13 and security protections, according to Threat Fabric.
Once installed, Crocodilus requests that the accessibility service be enabled, giving hackers access to the device.
“When provided, the malware connects to the command-and-control server (C2) to receive instructions, including a list of target applications and overlays to be used,” said Threat Fabric.
It keeps running, monitoring app launches and displaying overlays to intercept credentials. When a targeted banking or cryptocurrency app is opened, the fake overlay launches on top and mutes the sound while hackers take control of the device.
“With stolen PII and credentials, threat actors can control a victim’s device using built-in remote access, completing fraudulent transactions without discovery,” said Threat Fabric.
Threat Fabric’s Mobile Threat Intelligence team found that the malware targets users in Turkey and Spain but said that the range of use is likely to expand over time.
They also think that the developers could speak Turkish, based on records in the code, adding that a threat actor known as Sybra or another hacker testing new software may be behind the malware.
“The emergence of Crocodilus Mobile Banking Trojan marks a significant increase in the level of sophistication and threats caused by modern malware.”
“Through the advanced device-takeover capabilities, remote control features, and the expansion of black overlay attacks from the earliest iterations, Crocodilus shows a level of maturity that is not uncommon for newly discovered threats,” added Threat Fabric.