Dangerous new Android malware is adding fake contacts to your phone while draining bank accounts

Tom's Guide, 03-06-2025

A new Android malware strain is making the rounds online, and a recent update that lets it add fake contacts to your phone makes it incredibly difficult to tell who's actually calling you.
As reported by BleepingComputer, the malware in question is called Crocodilus, and it was first discovered back in March of this year by ThreatFabric. While it was initially used to target crypto users in Turkey to drain their wallets, the malware is now being distributed on a global scale and is currently being used to target the best Android phones in the U.S., Spain, Argentina, Brazil, Indonesia and India.
In a blog post, the cybersecurity firm Field Effect explains that Crocodilus is distributed using a custom dropper so that it can bypass Android's built-in security measures. For instance, it doesn't need access to Android's Accessibility Services or other user permissions to end up on a vulnerable smartphone. Likewise, it's also able to bypass the built-in defenses of Google Play Protect.
Crocodilus' latest ability is particularly worrying since hackers can easily use it in social engineering attacks. For instance, you might see a call come through from your bank after visiting a malicious website on your phone. However, since Crocodilus can now be used to add fake contacts to your phone, it could actually be hackers trying to scam you out of your hard-earned cash on the other end of the line.
Here's everything you need to know about this new threat, including some tips and tricks to help you stay safe from hackers trying to infect your smartphone with malware.
Though still quite new, Crocodilus is already a full-featured Android malware with loads of malicious capabilities. For example, it can remotely take over your smartphone, steal data from it and use overlay attacks to mimic popular financial and banking apps to steal your credentials.
The latest version of Crocodilus adds the ability to add fake contacts to a victim's phone. Once this is done, the device will display the name listed in a caller's contact profile, as opposed to their caller ID, when an incoming call is received.
With this new capability, hackers using the Crocodilus malware in their attacks can easily impersonate banks, trusted companies and even your friends and family members. Given that more people text than call these days, potential victims could easily fall for a text from a friend or family member asking them to send money in an emergency and have no idea that they did so.
It's also worth noting that these fake contacts aren't tied to your Google account. Instead, they remain on an infected phone and won't sync with your other devices once you log in to them.
At this time, it's unknown how Android users are being tricked into infecting their phones with the Crocodilus malware. However, Field Effect's researchers suggest that the malware is likely being distributed via malicious sites, fake promotions sent through social media or via text, and on third-party app stores.
You can never be too careful on your phone and this is especially true with new malware strains like Crocodilus. From clicking a bad link to downloading a malicious app, there are plenty of ways in which your devices can become infected with a virus.
For this reason, I always recommend limiting the number of apps on your phone. This is because even good apps can go bad when injected with malicious code and it's always easier to ensure that the apps you do have installed are up to date when there are few of them overall.
At the same time, you want to stick to downloading new apps from the Google Play Store or other first-party Android app stores like the Samsung Galaxy Store or the Amazon App Store. The reason is that the apps on unofficial, third-party app stores don't go through the same rigorous security checks that they would on other platforms.
To stay safe from Android malware, first and foremost, you want to make sure that Google Play Protect is enabled on your smartphone. This free security tool scans all of the new apps you download as well as any existing apps on your phone for malware and other threats. However, as hackers will often find ways to bypass Android's built-in security tools like we've seen here, you may also want to consider downloading and installing one of the best Android antivirus apps for extra protection.
If you want to be extra safe, though, the best identity theft protection services can help you regain your identity and any funds lost to fraud after a major malware attack.
Given that the Crocodilus malware has already been updated quite frequently despite it being fairly new, I expect this won't be the last we hear of this Android malware strain, especially now that hackers are using it in attacks in even more countries.