- The Crocodilus Android Trojan has been updated with new features
- Among them is the ability to add a fake contact and trick people into answering calls
- The contacts do not synchronize with Google, experts say
Security researchers have seen a new variant of Android malware called Crocodilus, and what makes it stand out is the ability to add new contacts to the device's contact list.
Crocodilus was first seen at the end of March 2025 by security researchers at ThreatFabric, who described it as a “highly capable mobile banking Trojan” that uses different techniques, such as overlay attacks, keylogging and abuse of Android accessibility services, to steal confidential data, access people's bank accounts, steal cryptocurrency and more.
Now, researchers say the Trojan is evolving to evade classic defense mechanisms and cause even more damage. One of the key features recently introduced is the ability to modify the contact list on an infected device.
Banking support
“Upon receiving the ‘Tru9MMRHBCRO’ command, Crocodilus adds a specific contact to the victim’s contact list,” ThreatFabric said.
The objective of this feature is not only to increase the attacker's control over the device, but also to make attacks more difficult to detect.
“We believe that the intention is to add a telephone number under a convincing name such as ‘Bank Support’, which allows the attacker to call the victim while appearing legitimate,” the researchers explained. “This could also bypass fraud prevention measures that flag unknown numbers.”
The good news is that the fake contact will not reach people’s Google accounts, so it will not appear on other devices.
Many other improvements were also introduced in the latest version, most of them focused on evading traditional detection mechanisms. In addition, the malware now seems to have expanded its target scope, from focusing mainly on Türkiye to targeting victims worldwide.
Android malware and Trojans are generally distributed through fake and third-party app stores, social media channels and email.
Therefore, users are advised to download Android applications only from reputable sources (such as the Google Play Store or Galaxy Store) and, even there, to be careful. Reading the reviews, checking the download count and verifying the developer’s reputation are good ways to spot malware.
Via BleepingComputer