A new type of Android malware called Crocodilus is targeting crypto users and bank users in Asia and Europe. At first, the malware was common in Turkey, focusing largely on stealing login details. However, since it was first detected in March, Crocodilus has now expanded to other key countries, including Argentina, Poland, the US, and Spain.
Security experts say the Crocodilus malware disguises itself as a legitimate app, such as a mobile banking app. Once installed, the malware tricks users into revealing their login details. Interestingly, reports state that the Crocodilus malware bypasses over 13 Android restrictions, making it a major threat.
🚨 New Crocodilus Malware Let Attacker Gain Full Control of Your Android Device
Read more: https://t.co/o1gjdLpk6A
A sophisticated new Android banking Trojan named Crocodilus has emerged as a significant global threat, demonstrating advanced device-takeover capabilities that… pic.twitter.com/YXoNGRaNIJ
— Cyber Security News (@The_Cyber_News) June 5, 2025
In Spain, Crocodilus targets most major banks. The new malware isn’t only spreading rapidly but also becoming increasingly sophisticated. Crocodilus can alter a user’s contact list, adding fake names like “Bank Help” or “Customer Service,” making it easier for scammers to pretend they’re from a legitimate bank.
Crocodilus also targets crypto wallets with precision. Experts say the malware has developed better skills at getting private keys and feeding them to scammers.
Security experts also say Crocodilus is now harder to spot. The people behind it have scrambled the code and hidden it deep inside fake apps, making it very difficult for antivirus software to detect or stop it.
New blog: Crocodilus mobile malware, evolving fast, going global
First spotted in March, it’s now expanding globally with smarter tactics and a growing focus on crypto.
Read the blog here: https://t.co/PjBZYksWY4 #MobileMalware #CyberSecurity #Crocodilus #ThreatIntelligence pic.twitter.com/TF2nG9LQ9K
— ThreatFabric (@ThreatFabric) June 3, 2025
In smaller attacks, the malware has also gone after crypto mining apps and online banks in Europe. But regardless of the target, one thing is clear: this malware is being fine-tuned to steal crypto.
Experts warn of a bigger threat.
Meanwhile, cybersecurity analysts are also warning about a growing trend where malware tools are being sold like regular online services. Anyone can now access dangerous tools that drain crypto wallets for a couple of hundred dollars.
In one bizarre case, even a printer company got caught in the act. On May 19, reports revealed that a Chinese hardware firm was distributing drivers containing hidden malware that stole Bitcoin from users’ wallets.
Cybersecurity researchers have reported the emergence of a new Android banking trojan named Crocodilus, which is actively targeting users in Spain and Turkey.https://t.co/nYoDuUuLOe
— Gray Hats (@the_yellow_fall) April 1, 2025
Crocodilus is just one name in a growing list of threats. But its sharp focus on crypto means users need to stay alert, keep their wallets safe, and think twice before installing any unfamiliar app.
Disclaimer
The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment, and informational purposes only. Any information or strategies are thoughts and opinions relevant to the accepted risk tolerance levels of the writer/reviewers, and their risk tolerance may differ from yours. We are not responsible for any losses you may incur due to any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments; therefore, please conduct your due diligence. Copyright Altcoin Buzz Pte Ltd.
