Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices

Introduction

The mobile threat landscape has been shaped over the years by well-established banking Trojan families such as Anatsa, Octo, and Hook, each evolving to introduce new techniques for evading detection and maximising financial gain. These malware strains have demonstrated how effective mobile-focused threats can be, particularly when equipped with capabilities like overlay attacks, keylogging, and abuse of Android’s Accessibility Services. Their success has not only impacted banks and crypto platforms globally, but has also inspired a growing underground market hungry for similar or improved tools.

This environment has paved the way for the emergence of Crocodilus, a new and highly capable mobile banking Trojan discovered by ThreatFabric.

Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging. This report explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials.

Article Link: Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices