- Crocodilus Android Trojan has been updated with new features
- Among them is the ability to add a fake contact and fool victims into accepting calls
- Contacts are not synced with Google, experts say
Security researchers have seen a new Android malware variant called Crocodilus, and what makes it stand out is the ability to add new contacts to the infected device’s contact list.
Crocodilus was first spotted at the end of March 2025 by security researchers at ThreatFabric, who described it as a “very skilled mobile banking” trojan that uses techniques such as overlay attacks, keylogging and abuse of Android’s accessibility services to steal sensitive data, access people’s bank accounts, steal cryptocurrency and more.
Now the researchers say the trojan is evolving to bypass classic defense mechanisms and cause even more damage. One of the newly introduced features is the ability to modify the contact list on an infected device.
Bank support
“After receiving the ‘Tru9mmrhbcro’ command, Crocodilus adds a specified contact to the victim’s contact list,” ThreatFabric explained.
The goal of this feature is not only to increase the attacker’s control over the device, but also to make attacks more difficult to detect.
“We believe the intention is to add a phone number under a convincing name such as ‘Bank Support’, giving the attacker the opportunity to call the victim while appearing legitimate,” the researchers explained. “This can also bypass fraud prevention measures that flag unknown numbers.”
The good news is that the fake contact is stored only on the device: it is not synced to the victim’s Google account, so it does not appear on other devices.
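Because the injected contact never reaches the Google account, it is a local-only entry in the device’s contacts database, which gives a defender something to look for. The script below is an added example, not code from the article, ThreatFabric or the malware: it runs over a constructed CSV export of raw contacts (the column names account_type, display_name and phone are assumptions about how such an export would be laid out) and flags entries that are both unsynced and carry a bank- or support-style name, which is the combination the researchers describe.

```python
"""Flag local-only Android contacts whose names mimic a bank or support line.

Added example for illustration only. The CSV layout is an assumption: each row
stands for one ContactsContract.RawContacts-style record, where an empty
account_type means the contact was inserted directly on the device rather
than through a sync adapter (Google, Exchange, ...).
"""
import csv
import io
import re

# Constructed sample export: three synced contacts and one local-only contact
# whose display name imitates a bank's support desk.
SAMPLE_EXPORT = """account_type,display_name,phone
com.google,Alice Example,+15551230001
com.google,Bob Example,+15551230002
,Bank Support,+15551230009
com.google,Dentist,+15551230003
"""

# Words that a fraudster would pick to make a cold call look legitimate.
SUSPICIOUS_NAME = re.compile(r"\b(bank|support|fraud|security|helpdesk)\b", re.I)


def parse_export(text):
    """Parse the CSV export into a list of dicts, one per raw contact."""
    return list(csv.DictReader(io.StringIO(text)))


def is_local_only(row):
    """True when the contact is not attached to any sync account."""
    return not (row.get("account_type") or "").strip()


def flag_suspicious_contacts(rows):
    """Return findings for contacts that look like injected 'bank support' entries.

    Severity is 'high' only when the contact is both unsynced and carries a
    bank-style name; a bank-style name on a synced contact is reported as
    'low' so that a legitimate, user-created entry is not treated as malware.
    Unsynced contacts with ordinary names are not reported at all, because
    many devices hold plenty of benign local-only contacts.
    """
    findings = []
    for row in rows:
        name = row.get("display_name", "") or ""
        name_matches = bool(SUSPICIOUS_NAME.search(name))
        if not name_matches:
            continue
        local_only = is_local_only(row)
        findings.append({
            "display_name": name,
            "phone": row.get("phone", ""),
            "local_only": local_only,
            "severity": "high" if local_only else "low",
        })
    return findings


def high_severity(findings):
    """Convenience filter used by the summary and by the test below."""
    return [f for f in findings if f["severity"] == "high"]


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    results = flag_suspicious_contacts(rows)
    for f in results:
        print(f"[{f['severity']}] {f['display_name']} {f['phone']} "
              f"(local-only={f['local_only']})")
    print(f"{len(high_severity(results))} high-severity finding(s)")
```

In practice the export would come from an MDM agent or a contacts backup rather than a hand-written CSV, and the keyword list should be tuned to the banks and languages relevant to the user base; the point is that the unsynced-plus-bank-name combination is cheap to check and matches the behaviour described above.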
Numerous other improvements were also introduced in the latest version, most of them focused on evading traditional detection mechanisms. Furthermore, the malware now appears to have expanded its targeting, from focusing mostly on Turkey to operating globally.
Android malware and trojans are usually distributed through fake and third-party app stores, social media channels and email.
Therefore, users are advised to download Android apps only from reputable sources (such as the Google Play Store or Galaxy Store), and to be careful even there. Reading the reviews, checking the download count and verifying the developer’s reputation are good ways to spot malware.
Via BleepingComputer