Threat & Vulnerability
- CVEAccess the latest CVE (Common Vulnerabilities and Exposures) updates, severity scores, and patch advisories to fortify your systems against known risks.
- Cyber CrimeTrack global cybercrime trends, from ransomware gangs to dark web markets. Explore law enforcement strategies and tools to combat digital crime.
- Data BreachAnalyze recent data breaches, their root causes, and lessons learned. Discover best practices to secure sensitive information and comply with privacy regulations.
- Hacking AlertGet actionable alerts on active cyberattacks, exploit kits, and phishing schemes. Protect your network with timely updates on emerging hacking tactics.
- ThreatStay ahead of evolving cyber threats, including malware, phishing, ransomware, and APTs. Explore real-world attack patterns, mitigation strategies, and threat actor insights to safeguard your digital assets.
- VulnerabilityDive into critical system weaknesses, misconfigurations, and software flaws. Learn how to identify, prioritize, and remediate vulnerabilities before attackers exploit them.
- Zero DayUncover unpatched software vulnerabilities and zero-day exploits. Know mitigation techniques to defend against undisclosed threats.
Security Posture
- BlockchainExplore blockchain vulnerabilities, smart contract audits, and crypto threats. Secure decentralized systems against hacks and fraud.
- Security Best PracticesStreamline your cybersecurity governance with expertly crafted policy templates, actionable procedures, and adaptive guidelines. Learn to design NIST/ISO-aligned policies, implement incident response workflows, and adopt industry standards like CIS Benchmarks or OWASP. Ideal for IT managers, compliance officers, and auditors seeking to build robust, audit-ready security programs while balancing flexibility and regulatory rigor.
- DFIRDive into DFIR frameworks, evidence collection, and breach response. Learn how to investigate incidents and recover from cyberattacks effectively.
- GRCAlign cybersecurity with business goals through governance policies, risk assessments, and compliance audits. Explore standards like GDPR, HIPAA, and SOC 2 to bridge security and regulatory requirements.
- Risk Management
- Technology & ToolsExplore cutting-edge cybersecurity technologies, from next-gen firewalls and SIEM platforms to AI-driven threat detection tools. Discover in-depth reviews, comparisons, and implementation guides for enterprise-grade software, open-source utilities, and emerging solutions. Stay updated on zero-day defenses, penetration testing frameworks, and automation tools that empower IT teams to outpace cyber adversaries.
- Threat IntelligenceAccess actionable threat intelligence feeds, adversary behavior analysis, and Indicators of Compromise (IOCs). Transform raw data into strategic defenses against APTs, ransomware, and cyber espionage.
- Zero TrustMaster Zero Trust principles, from micro-segmentation to continuous authentication. Build resilient networks that assume breach and verify every access request.
AIAnalyze AI-driven cyberattacks, ethical hacking tools, and machine learning defenses. Stay updated on how AI reshapes cybersecurity.
BusinessStay ahead in the fast-paced IT sector with breaking news, expert analyses of mergers & acquisitions, and thought leadership on tech business trends. Explore discussions on IT market shifts, startup innovations, and corporate strategies shaping cybersecurity, cloud computing, and enterprise tech. Ideal for CIOs, investors, and IT leaders navigating the evolving digital economy.
Knowledge BaseAccess a centralized repository of cybersecurity guides, glossaries, how-tos, and FAQs. From foundational concepts to advanced tactics, empower your team with step-by-step tutorials, downloadable templates, and expert-curated resources. Ideal for professionals, students, and enthusiasts seeking actionable knowledge to combat evolving threats.
ReviewsUnbiased reviews of firewalls, antivirus software, penetration testing tools, and security platforms. Make informed decisions for your tech stack.
EventsStay updated on global events, workshops, and summits. Network with experts and gain insights into cutting-edge security innovations.

More...

Threat & Vulnerability
- CVEAccess the latest CVE (Common Vulnerabilities and Exposures) updates, severity scores, and patch advisories to fortify your systems against known risks.
- Cyber CrimeTrack global cybercrime trends, from ransomware gangs to dark web markets. Explore law enforcement strategies and tools to combat digital crime.
- Data BreachAnalyze recent data breaches, their root causes, and lessons learned. Discover best practices to secure sensitive information and comply with privacy regulations.
- Hacking AlertGet actionable alerts on active cyberattacks, exploit kits, and phishing schemes. Protect your network with timely updates on emerging hacking tactics.
- ThreatStay ahead of evolving cyber threats, including malware, phishing, ransomware, and APTs. Explore real-world attack patterns, mitigation strategies, and threat actor insights to safeguard your digital assets.
- VulnerabilityDive into critical system weaknesses, misconfigurations, and software flaws. Learn how to identify, prioritize, and remediate vulnerabilities before attackers exploit them.
- Zero DayUncover unpatched software vulnerabilities and zero-day exploits. Know mitigation techniques to defend against undisclosed threats.
Security Posture
- BlockchainExplore blockchain vulnerabilities, smart contract audits, and crypto threats. Secure decentralized systems against hacks and fraud.
- Security Best PracticesStreamline your cybersecurity governance with expertly crafted policy templates, actionable procedures, and adaptive guidelines. Learn to design NIST/ISO-aligned policies, implement incident response workflows, and adopt industry standards like CIS Benchmarks or OWASP. Ideal for IT managers, compliance officers, and auditors seeking to build robust, audit-ready security programs while balancing flexibility and regulatory rigor.
- DFIRDive into DFIR frameworks, evidence collection, and breach response. Learn how to investigate incidents and recover from cyberattacks effectively.
- GRCAlign cybersecurity with business goals through governance policies, risk assessments, and compliance audits. Explore standards like GDPR, HIPAA, and SOC 2 to bridge security and regulatory requirements.
- Risk Management
- Technology & ToolsExplore cutting-edge cybersecurity technologies, from next-gen firewalls and SIEM platforms to AI-driven threat detection tools. Discover in-depth reviews, comparisons, and implementation guides for enterprise-grade software, open-source utilities, and emerging solutions. Stay updated on zero-day defenses, penetration testing frameworks, and automation tools that empower IT teams to outpace cyber adversaries.
- Threat IntelligenceAccess actionable threat intelligence feeds, adversary behavior analysis, and Indicators of Compromise (IOCs). Transform raw data into strategic defenses against APTs, ransomware, and cyber espionage.
- Zero TrustMaster Zero Trust principles, from micro-segmentation to continuous authentication. Build resilient networks that assume breach and verify every access request.
AIAnalyze AI-driven cyberattacks, ethical hacking tools, and machine learning defenses. Stay updated on how AI reshapes cybersecurity.
BusinessStay ahead in the fast-paced IT sector with breaking news, expert analyses of mergers & acquisitions, and thought leadership on tech business trends. Explore discussions on IT market shifts, startup innovations, and corporate strategies shaping cybersecurity, cloud computing, and enterprise tech. Ideal for CIOs, investors, and IT leaders navigating the evolving digital economy.
Knowledge BaseAccess a centralized repository of cybersecurity guides, glossaries, how-tos, and FAQs. From foundational concepts to advanced tactics, empower your team with step-by-step tutorials, downloadable templates, and expert-curated resources. Ideal for professionals, students, and enthusiasts seeking actionable knowledge to combat evolving threats.
ReviewsUnbiased reviews of firewalls, antivirus software, penetration testing tools, and security platforms. Make informed decisions for your tech stack.
EventsStay updated on global events, workshops, and summits. Network with experts and gain insights into cutting-edge security innovations.

Now Reading: Crocodilus – A Highly Advanced Android Trojan with Remote Control Capabilities on Banking and Crypto Wallet

01
Crocodilus – A Highly Advanced Android Trojan with Remote Control Capabilities on Banking and Crypto Wallet

Threat & Vulnerability//
- CVE//Access the latest CVE (Common Vulnerabilities and Exposures) updates, severity scores, and patch advisories to fortify your systems against known risks.
- Cyber Crime//Track global cybercrime trends, from ransomware gangs to dark web markets. Explore law enforcement strategies and tools to combat digital crime.
- Data Breach//Analyze recent data breaches, their root causes, and lessons learned. Discover best practices to secure sensitive information and comply with privacy regulations.
- Hacking Alert//Get actionable alerts on active cyberattacks, exploit kits, and phishing schemes. Protect your network with timely updates on emerging hacking tactics.
- Threat//Stay ahead of evolving cyber threats, including malware, phishing, ransomware, and APTs. Explore real-world attack patterns, mitigation strategies, and threat actor insights to safeguard your digital assets.
- Vulnerability//Dive into critical system weaknesses, misconfigurations, and software flaws. Learn how to identify, prioritize, and remediate vulnerabilities before attackers exploit them.
- Zero Day//Uncover unpatched software vulnerabilities and zero-day exploits. Know mitigation techniques to defend against undisclosed threats.
Security Posture//
- Blockchain//Explore blockchain vulnerabilities, smart contract audits, and crypto threats. Secure decentralized systems against hacks and fraud.
- Security Best Practices//Streamline your cybersecurity governance with expertly crafted policy templates, actionable procedures, and adaptive guidelines. Learn to design NIST/ISO-aligned policies, implement incident response workflows, and adopt industry standards like CIS Benchmarks or OWASP. Ideal for IT managers, compliance officers, and auditors seeking to build robust, audit-ready security programs while balancing flexibility and regulatory rigor.
- DFIR//Dive into DFIR frameworks, evidence collection, and breach response. Learn how to investigate incidents and recover from cyberattacks effectively.
- GRC//Align cybersecurity with business goals through governance policies, risk assessments, and compliance audits. Explore standards like GDPR, HIPAA, and SOC 2 to bridge security and regulatory requirements.
- Risk Management//
- Technology & Tools//Explore cutting-edge cybersecurity technologies, from next-gen firewalls and SIEM platforms to AI-driven threat detection tools. Discover in-depth reviews, comparisons, and implementation guides for enterprise-grade software, open-source utilities, and emerging solutions. Stay updated on zero-day defenses, penetration testing frameworks, and automation tools that empower IT teams to outpace cyber adversaries.
- Threat Intelligence//Access actionable threat intelligence feeds, adversary behavior analysis, and Indicators of Compromise (IOCs). Transform raw data into strategic defenses against APTs, ransomware, and cyber espionage.
- Zero Trust//Master Zero Trust principles, from micro-segmentation to continuous authentication. Build resilient networks that assume breach and verify every access request.
AI//Analyze AI-driven cyberattacks, ethical hacking tools, and machine learning defenses. Stay updated on how AI reshapes cybersecurity.
Business//Stay ahead in the fast-paced IT sector with breaking news, expert analyses of mergers & acquisitions, and thought leadership on tech business trends. Explore discussions on IT market shifts, startup innovations, and corporate strategies shaping cybersecurity, cloud computing, and enterprise tech. Ideal for CIOs, investors, and IT leaders navigating the evolving digital economy.
Knowledge Base//Access a centralized repository of cybersecurity guides, glossaries, how-tos, and FAQs. From foundational concepts to advanced tactics, empower your team with step-by-step tutorials, downloadable templates, and expert-curated resources. Ideal for professionals, students, and enthusiasts seeking actionable knowledge to combat evolving threats.
Reviews//Unbiased reviews of firewalls, antivirus software, penetration testing tools, and security platforms. Make informed decisions for your tech stack.
Events//Stay updated on global events, workshops, and summits. Network with experts and gain insights into cutting-edge security innovations.

Home
Threat
Crocodilus – A Highly Advanced Android Trojan with Remote Control Capabilities on Banking and Crypto Wallet

Crocodilus – A Highly Advanced Android Trojan with Remote Control Capabilities on Banking and Crypto Wallet

Shammi SumuThreatMarch 30, 2025683 Views

The mobile banking Trojan landscape has reached a new level of sophistication with the emergence of Crocodilus, a fully-featured malware family recently uncovered by ThreatFabric. Unlike typical copycat malware, Crocodilus enters the threat landscape as a mature banking Trojan with advanced capabilities like remote device control, black screen overlays, and Accessibility-based data harvesting.

“Crocodilus is not a simple clone, but a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging.” – ThreatFabric Report

This malware is already targeting banks in Spain and Turkey, as well as cryptocurrency wallets, posing a severe risk to mobile users worldwide.

Technical Analysis of Crocodilus

Crocodilus follows the typical Device Takeover (DTO) banking Trojan playbook but with enhanced stealth and efficiency.

1. Infection Vector: Bypassing Android 13+ Restrictions

Crocodilus spreads via a proprietary dropper designed to circumvent Android’s security restrictions. Once installed, it abuses Accessibility Services—a common but effective tactic seen in other banking Trojans like Anatsa and Octo. ThreatFabric mention that Initial installation is done via a proprietary dropper bypassing Android 13+ restrictions. Once installed, Crocodilus requests Accessibility Service to be enabled.

2. Overlay Attacks & Real-Time Data Theft

The malware employs dynamic overlay attacks, fetching fake login screens from its C2 server based on the app opened by the victim.

Targets banking & crypto apps (Spain, Turkey observed initially).
Logs all Accessibility events, effectively functioning as a keylogger and screen capturer.

“Crocodilus monitors all Accessibility events, capturing every element displayed on the screen. This goes beyond simple keylogging—it records all text changes performed by the victim.” – ThreatFabric

3. Remote Access & Black Screen Concealment

One of the most dangerous features is hidden remote control. When activated:

A black screen overlay masks the attacker’s actions.
The device is muted to prevent detection.

4. Stealing Google Authenticator Codes

The malware includes a dedicated RAT command (TG32XAZADG) to capture Google Authenticator OTPs by scraping screen content via Accessibility Services and communicate with c2 server.

5. Social Engineering in Crypto Theft

For cryptocurrency wallets, Crocodilus displays a fake warning like below-

This manipulates victims into revealing their seed phrase, which the malware then harvests via Accessibility Logging.

Moreover, Crocodilus support a lots of Bot and RAT commands like

Launch specified application
Perform USSD request
Send SMS to specified number
Send SMS to all contacts
Get SMS messages
Request Device Admin privileges
Enable/disable remote control session
Enable/disable self-protection against deletion
Enable/disable remote control session
Start front camera image streaming
Enable/disable “hidden” RAT
Perform click
Perform complex gesture
Write in focused area
Capture screen content for Google Authenticator app

Who’s Behind Crocodilus

ThreatFabric found references to “sybupdate” in Crocodilus’s code, potentially linking it to “sybra”, a threat actor previously associated with:

Ermac (MetaDroid fork)
Hook & Octo malware

However, it remains unclear whether sybra developed Crocodilus or is merely an early adopter. Whether ThreatFabric research team found that first Crocodilus samples contain the tag ‘sybupdate, which could be linked to ‘sybra.

Additionally, Turkish-language debug messages suggest the developers may be Turkish-speaking.

Defensive Recommendations

For End Users:

Avoid sideloading APKs – Only use Google Play Store.
Never enable Accessibility for untrusted apps – Legitimate apps don’t require this for basic functions.
Use hardware security keys (e.g., YubiKey) instead of SMS/OTP-based 2FA.
Install a reputable mobile security solution with behavioral detection.

For Financial Institutions:
🔒 Implement device risk scoring to detect compromised devices.
🔒 Adopt strong customer authentication (SCA) measures beyond SMS OTPs.

Crocodilus represents a significant leap in Android banking Trojan sophistication, combining stealth, remote control, and psychological manipulation to maximize theft. Its capabilities suggest that traditional signature-based detection is insufficient—proactive behavioral analysis and layered security are now essential.