Dangerous new Android malware is adding fake contacts to your phone while draining bank accounts
A new Android malware strain is making the rounds online that makes it incredibly difficult to distinguish who's actually calling you as it was recently updated with the ability to add fake contacts to your phone.
As reported by BleepingComputer, the malware in question is called Crocodilus, and it was first discovered back in March of this year by Threat Fabric. While it was initially used to target crypto users in Turkey to drain their wallets, the malware is now being distributed on a global scale and is currently being used to target the best Android phones in the U.S., Spain, Argentina, Brazil, Indonesia and India.
In a blog post, the cybersecurity firm Field Effect explains that Crocodilus is distributed using a custom dropper so that it can bypass Android's built-in security measures. For instance, it doesn't need access to Android's Accessibility Services or other user permissions to end up on a vulnerable smartphone. Likewise, it's also able to bypass the built-in defenses of Google Play Protect.
Crocodilus' latest new ability is particularly worrying since hackers can easily use it in social engineering attacks. For instance, you might see a call come through from your bank after visiting a malicious website on your phone. However, since Crocodilus can now be used to add fake contacts to your phone, it could actually be hackers trying to scam you out of your hard-earned cash on the other end of the line.
Here's everything you need to know about this new threat, including some tips and tricks to help you stay safe from hackers trying to infect your smartphone with malware.
Though still quite new, Crocodilus is already a full-featured Android malware with loads of malicious capabilities. For example, it can remotely take over your smartphone, steal data from it and use overlay attacks to mimic popular financial and banking apps to steal your credentials.
Now, in the latest version of this malware, the ability to add fake contacts to a victim's phone has been added to Crocodilus. Once this is done, the device will display the name listed in a caller's contact profile as opposed to their caller ID when an incoming call is received.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
With this new capability, hackers using the Crocodilus malware in their attacks can easily impersonate banks, trusted companies and even your friends and family members. Given that more people text than call these days, potential victims could easily fall for a text from a friend or family member asking them to send money in an emergency and have no idea that they did so.
It's also worth noting that these fake contacts aren't tied to your Google account. Instead, they remain on an infected phone and won't sync with your other devices once you log in to them.
At this time, it's currently unknown how Android users are being tricked into infecting their phones with the Crocodilus malware. However, Field Effect's researches suggest that the malware is likely being distributed via malicious sites, fake promotions sent through social media or via text and on third-party app stores.
You can never be too careful on your phone and this is especially true with new malware strains like Crocodilus. From clicking a bad link to downloading a malicious app, there are plenty of ways in which your devices can become infected with a virus.
For this reason, I always recommend limiting the number of apps on your phone. This is because even good apps can go bad when injected with malicious code and it's always easier to ensure that the apps you do have installed are up to date when there are few of them overall.
At the same time, you want to stick to downloading new apps from the Google Play Store or other first-party Android app stores like the Samsung Galaxy Store or the Amazon App Store. The reason being is that the apps on unofficial, third-party app stores don't go through the same rigorous security checks that they would on other platforms.
To stay safe from Android malware, first and foremost, you want to make sure that Google Play Protect is enabled on your smartphone. This free security tool scans all of the new apps you download as well as any existing apps on your phone for malware and other threats. However, as hackers will often find ways to bypass Android's built-in security tools like we've seen here, you may also want to consider downloading and installing one of the best Android antivirus apps for extra protection.
If you want to be extra safe, though, the best identity theft protection services can help you regain your identity and any funds lost to fraud after a major malware attack.
Given that the Crocodilus malware has already been updated quite frequently despite it being fairly new, I expect this won't be the last we hear of this Android malware strain, especially now that hackers are using it in attacks in even more countries.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
43 minutes ago
- Yahoo
Insider buying of Canadian oil and gas stocks at 'some of highest levels we've seen' in 5 years: BMO
Insider stock buying among executives at Canadian oil and gas companies is near five-year highs, according to a BMO Capital Markets analyst who tallied up $54 million in open-market purchases in the 90 days since March 1. Canadian oil and gas stocks have been a rollercoaster ride for investors over the past three months. U.S. President Donald Trump's trade tariffs created unprecedented uncertainty for the industry, which relies on America as its top buyer of crude. At the same time, fears of a weaker economy due to global trade are weighing on forecasts for demand. BMO analyst Jeremy McCrea says $54 million in purchases over 90 days represents 'some of the highest levels we've seen over the past five years,' while demonstrating confidence for stocks at current prices. BMO says Canadian oil and gas company insiders purchased $12 million and $20 million worth of stock, respectively, in the same periods in 2024 and 2023. 'Although there are many reasons why insiders sell (tax implications, restricted stock units, etc.), there is one reason they buy,' McCrea wrote in a note to clients on Wednesday. 'That in turn should help build investor confidence, especially as it relates to investing alongside management, and ultimately, reassurance that there are no 'skeletons in the closet.'' He found the largest purchases by CEOs were from the top executives at PrairieSky Royalty ( Whitecap Resources ( and Tourmaline Oil ( 'The CEO of PrairieSky made one of his largest purchases within the sector, buying 72,000 shares or $1.68 million worth of stock at an average price of about $23.40 per share,' McCrea wrote. 'With the stock trading slightly below that price today, it grants investors the rare opportunity to come in alongside the CEO." According to BMO, Tourmaline CEO Mike Rose recently purchased about $2.21 million worth of his company's stock at an average price of about $63, and has been a regular buyer over the last several years. Whitecap CEO Grant B. Fagerheim reportedly added $1.34 million worth of his company's stock in the last week, following the close of the company's merger with Veren. 'This would also be one of the larger quarterly purchases made by Grant Fagerheim in his role as CEO of Whitecap,' McCrea wrote. Fagerheim has been CEO since 2009. In terms of total buying from insiders, BMO says Obsidian Energy ( ($16.8 million), Peyto Exploration & Development ( ($10.1 million), and Strathcona Resources ( ($7.2 million) were the top companies included in its analysis. Jeff Lagerquist is a senior reporter at Yahoo Finance Canada. Follow him on Twitter @jefflagerquist. Download the Yahoo Finance app, available for Apple and Android. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Miami Herald
an hour ago
- Miami Herald
Why 1Password is The Travel Accessory I Never Leave Behind
This post is sponsored by 1Password. If you've ever tried managing a family trip, you know the chaos is real. Between booking flights, wrangling hotel check-ins, and keeping everyone's travel docs straight, the last thing you want to worry about is where you saved your Airbnb login. That's why 1Password has become my go-to travel tool-not just for me, but for the entire family. While 1Password is known as a password manager, seasoned travelers know it's much more. As Sophia Orlando, SheBuysTravel's CTO, explains: '1Password isn't just a place to store passwords (though it does that really well). It's where I keep everything I might need while traveling: passport numbers, credit cards, TSA PreCheck info, emergency contacts, frequent flyer logins, even random international transit apps I'll forget about a week later. And I know it's all secure.' This approach transforms what could be a scattered collection of login details, photos of documents, and hastily saved bookmarks into one organized, accessible place. No more digging through email threads to find that hotel confirmation number or trying to remember which app you used to book that cooking class in. Apple's iCloud Keychain does a good job of managing passwords, as long as everyone in your family is on an Apple device. However many families have a mixed tech ecosystem. Maybe your spouse is on Android, the kids have Chromebooks for school, and you toggle between Mac and PC for work. This is where 1Password's cross-platform compatibility becomes invaluable. Whether you're using iOS, Android, Mac, Windows, your family's digital life travels with you. The browser extensions work seamlessly across Chrome, Safari, and Firefox, ensuring that Disney+ login or that obscure transit app works regardless of which device you grab at the airport. Understanding 1Password's security model helps explain why it's particularly suited for travel. Your data receives end-to-end encryption protection, meaning no one, not even 1Password, can read your password. Added to that, everything saved in 1Password is encrypted locally on your device before reaching their servers. The Secret Key feature adds a second layer of protection, a unique, locally stored component that works alongside your Master Password. Think of it as a second lock on your safe that only your device knows about. Even if someone accessed 1Password's servers, they'd find only encrypted data. In that sense, it's like a safe deposit box at your local bank. As Orlando notes: 'From a technical standpoint, 1Password uses end-to-end encryption and a zero-knowledge setup, so even 1Password can't see what's inside my vault. That matters to me. But honestly, what I appreciate most is the peace of mind. If I'm in a different country and I need access to something important-I don't have to dig through emails or try to remember a password I created two years ago.' 1Password for Families introduces shared vaults that transform family travel coordination. Create a dedicated 'Summer 2025 Trip' vault and populate it with everyone's passport copies, the Airbnb reservation, insurance information, and that carefully curated list of must-try gelato spots. Instant access for everyone, with real-time syncing that eliminates the midnight 'Can you send me the flight confirmation again?' texts. Fellow SheBuysTravel author Jennifer Mitchell has experienced this transformation firsthand: 'We've been using 1Password for years, and it's been a total game changer for our family. It's so convenient to have all our shared logins-like streaming services or travel accounts-in one place. Plus, we each get our own private vault for personal items we need to keep track of. When we're traveling, it's quite handy to pull up flight details, hotel info, or rental car reservations without digging through emails.' One of 1Password's most underrated features addresses a uniquely modern travel concern: what happens when you need to cross borders with sensitive data on your devices? Travel Mode lets you temporarily remove sensitive vaults with a single toggle, showing customs agents or airport inspectors only what you choose to keep accessible. During a recent international trip, I activated Travel Mode before departure, keeping only essential travel information including flight details, hotel bookings, and emergency contacts, while temporarily hiding banking logins and tax documents. Once I reached my destination, everything returned with another simple toggle. The peace of mind was worth the feature alone. Travel involves uncertainty, but managing your digital life doesn't have to add to the stress. 1Password provides the infrastructure that lets families move confidently through airports, Airbnbs, and amusement parks with one less worry. 1Password is kicking off the summer travel season with a special offer. Use our links to save 50% off your first year, whether you choose an individual plan or a family plan, which enables you to set up accounts for up to five family members. My crew is on the Family plan, and honestly, it's fantastic. 1Password securely stores your passwords, documents, credit cards, and much more, making it an indispensable, easy-to-use tool for managing your digital life. Why You Should Keep a Penny in the Freezer & Other Ways to Keep Your Home Safe While You're AwaySingle Mom Vacation IdeasHow to Travel Solo as a WomanRoad Trip Planner: How to Plan an Epic Road Trip The post Why 1Password is The Travel Accessory I Never Leave Behind appeared first on She Buys Travel. Copyright © 2025 SheBuysTravel · All Rights Reserved
Yahoo
an hour ago
- Yahoo
OnePlus Looks to Undercut Apple and Samsung With New $700 Tablet
(Bloomberg) -- OnePlus USA Corp. introduced a slimmed-down version of its premium Android tablet on Thursday, looking to beat competing devices from Samsung Electronics Co and Apple Inc. with its price and specifications. ICE Moves to DNA-Test Families Targeted for Deportation with New Contract Next Stop: Rancho Cucamonga! The Global Struggle to Build Safer Cars US Housing Agency Vulnerable to Fraud After DOGE Cuts, Documents Warn NYC Residents Want Safer Streets, Cheaper Housing, Survey Says The tablet, called the OnePlus Pad 3, will be available on July 8 for $700 in the US and $1,000 in Canada. In addition to the thin frame, the company is touting faster performance, an improved display and upgraded multitasking features. The Pad 3's price falls between Apple's 11-inch ($599) and 13-inch ($799) iPad Air tablets. Android tablets have failed to make much of a dent in the US to Apple's tablet business. Samsung, Inc. and smaller players fill out the rest of the market. The Pad 3 is less than 6 millimeters thick and features a 13.2-inch display with a higher pixel density than the iPad Air, promising crisp text and other visuals. (Apple's far more expensive 13-inch iPad Pro is just 5.1 millimeters thick.) Inside, it's powered by Qualcomm Inc.'s Snapdragon 8 Elite chip, a processor found in other recently released high-end devices such as Samsung's Galaxy S25 Edge phone. Battery life can exceed 17 hours with less demanding usage, according to the company. Alternatively, users can expect as much as six hours playing graphics-intensive video games, the company says. OnePlus also said the battery can recover 18% of capacity after a 10-minute charge. Most iPads are usually graded at 10 hours of battery life. In a hands-on test, the tablet seemed sturdy even with its thin dimensions. The LCD screen falls short of the higher-quality OLED panels used in pricier top-of-the-line tablets from Apple and Samsung, but it renders colors well and is capable of high brightness levels. Additionally, the eight speakers produced robust sound. Android continues to offer fewer tablet-optimized apps than Apple's iPadOS, but by now many popular platforms and services are available for larger-format devices like this. OnePlus' updated Open Canvas multitasking system lets users drag and drop multiple apps into different zones and adjust how much space they each take up. The tablet automatically recommends entering split-screen mode if it detects you flicking between apps. OnePlus is also releasing updated accessories for the Pad 3, including a $200 keyboard with trackpad. The company's existing $100 stylus pen is also compatible with the new hardware. The $50 folio case is a highlight, with a versatile design that lets you position the tablet in several different orientations. Like the tablet, some of OnePlus' accessories are priced lower than Apple's equivalents: The iPad Air's keyboard is $269, though the Apple Pencil starts at $79. At $700, the Pad 3 is $150 more expensive than the company's previous tablet. OnePlus attributes the higher cost to the larger display and other hardware refinements, though it acknowledged 'current market conditions' factored into the price. Electronics makers continue to grapple with uncertainty around tariffs that the Trump administration has levied against most US trading partners and critical manufacturing hubs. OnePlus was co-founded by Carl Pei, who departed the company in 2020 and now leads another consumer tech brand called Nothing. (Updates with context about OnePlus' founder in the last paragraph.A previous version corrected the formal name of OnePlus in the first paragraph.) Cavs Owner Dan Gilbert Wants to Donate His Billions—and Walk Again YouTube Is Swallowing TV Whole, and It's Coming for the Sitcom Millions of Americans Are Obsessed With This Japanese Barbecue Sauce Is Elon Musk's Political Capital Spent? Trump Considers Deporting Migrants to Rwanda After the UK Decides Not To ©2025 Bloomberg L.P. Sign in to access your portfolio
