A few months ago, a new virus launched an attack on Android smartphones. Called Crocodilus, the malware is designed to pick the pockets of its victims. To achieve this, the virus steals users' bank details and login details by displaying a fake window on the phone's screen. This fake window mimics the interface of the target's banking application.
A virus that has become harder to detect
More recently, a new variant of Crocodilus was spotted by researchers at Threat Fabric, the same experts who had already uncovered the original malware in March. This "worrying development" is even more difficult for antivirus or security systems to detect. Cybercriminals are now using a dropper malware that better hides the malicious code by compressing it into a file that is harder to analyze. Additionally, the malicious payload injected by the dropper is now encrypted. Hackers have also taken steps to make the Crocodilus code very difficult for cybersecurity researchers to analyze. The virus code is notably full of useless fake instructions.
Fake Contacts and Fake Bank Assistance
That's not all. The new Crocodilus has a whole new tactic to trick users. The virus will add fake contacts to the device. The hackers will then place a call to the user. Instead of displaying an unknown number, the smartphone will display the name of this fake contact on the screen. This trick makes it possible to impersonate a bank customer service representative without arousing suspicion among victims. It could also allow hackers to "circumvent fraud prevention measures that flag unknown numbers."
According to Threat Fabric, hackers use names like "Bank Assistance." This leaves the user unsuspecting during the call. The hacker can then convince them to provide sensitive personal data, such as their login details. Cybercriminals can then use this data to break into the account and steal all the money.
An expanded scope
Furthermore, Crocodilus has considerably expanded its scope. Initially confined to Turkey, the virus is now attacking internet users on every continent. Threat Fabric explains that it has identified "a growing number of campaigns" based on Crocodilus, including in several European countries and South America. To spread the virus, scammers rely on advertisements distributed on social networks. These advertisements impersonate banks and "e-commerce platforms". They invite Internet users "to download an application to claim bonus points".
We therefore recommend that you exercise the utmost caution. For security reasons, do not install applications from unknown sources, outside of the Play Store. Be wary of advertisements that appear on Facebook, Instagram, and the like. These advertisements may very well hide their true intentions. Also, get into the habit of restarting your phone regularly. Some malware can be stopped or slowed down by simply restarting your phone. Finally, remember that your bank will never call you to ask for data over the phone. Never share your banking credentials or codes over the phone.
Source: Threat Fabric