Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
Briefly

The article covers the Crocodilus Android banking trojan, which has been actively targeting users in Europe and South America. First documented in March 2025, it masquerades as legitimate applications such as Google Chrome and employs advanced obfuscation techniques to avoid detection and analysis. The malware can launch overlay attacks against financial apps to harvest user credentials, and it can capture cryptocurrency wallet seed phrases. Recent campaigns in Poland use fake Facebook ads to distribute the malware, a sign of the threat's broadening reach.
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America.
Crocodilus was first publicly documented in March 2025 as targeting Android device users in Spain and Turkey by masquerading as legitimate apps like Google Chrome.
Recent activity reveals multiple campaigns now targeting European countries while continuing Turkish campaigns and expanding globally to South America.
Select campaigns aimed at Poland have been found to leverage bogus ads on Facebook as a distribution vector by mimicking banks and e-commerce platforms.
Read at The Hacker News