DIGITAL LIFE
Crocodilus Malware: the malware that steals cryptocurrency wallets on Android systems
Cybersecurity firm Field Effect has announced the discovery of a new malware, which it has dubbed Crocodilus, that is targeting cryptocurrency users by stealing their wallet security keys. Researchers say the malware can disguise itself as a legitimate application, tricking victims into entering their seed phrases, which act as passwords, under the pretext of making a backup.
Crocodilus operates by sending fake warnings that pressure users to enter their recovery keys within a short period of time or lose access. Once it receives these keys, the malware saves and transmits this sensitive data to its operators, giving them full control of victims' crypto assets.
So far, victims have been found only in Turkey and Spain, but researchers assume that it may expand to other countries. The number of victims of this new crypto-focused malware is also unknown.
The malware is distributed through a dropper (Trojan horse) designed to bypass Android security measures, especially on versions starting with Android 13. This allows Crocodilus to install itself without requiring explicit user permissions, thus bypassing Google Play's protection defenses.
Field Effect researchers say it is not yet known how users are tricked into downloading the dropper, but they believe it happens through malicious websites, fake promotions via social media or text messages, and apps obtained through alternative stores.
Users should be extra careful with this malware, since in addition to stealing crypto accounts, it can take control of the infected device, collect data, record keystroke information, and execute commands, making it dangerous in terms of cybersecurity.
Field Effect recommends that users only download apps from official stores such as Google Play and avoid sideloading software from untrusted sources. Always be skeptical when apps ask you to enter sensitive data under pressure. You should also install the latest security updates and use antivirus software whenever possible.
For cryptocurrency users, the best way to protect yourself is to use hardware wallets to store your private keys offline, so they remain immune to malware even when the device is infected. You should also hide your digital wallet behind a master password. Using multi-signature wallets and never saving passwords online are other measures highlighted on the company's blog (https://fieldeffect.com/blog/new-crocodilus-malware-snaps-up-crypto-wallets).
mundophone