This Malware Adds a ‘Trusted’ Contact to Your Android Phone

As fraud detection features for calls and text messages become more sophisticated, so too do the threats designed to bypass such measures. Right now, Android users are being targeted by malware that can create fake contacts on your device so that calls and texts from scammers appear under a trusted name rather than an unfamiliar number, making it more likely that you’ll fall for their scam.

How does Crocodilus malware work?

First discovered by fraud prevention company ThreatFabric earlier this year, the Crocodilus malware is a device-hijacking Trojan initially deployed to trick users into giving out crypto wallet seed phrases under the guise of needing to back up their keys. Once downloaded — perhaps via a malicious ad, smishing campaign, or third-party app — the malware could bypass Play Protect on Android 13 (and later) and gain access to the Accessibility Service, eventually logging and collecting the entered credentials. As a result, the attackers could take control of victims’ crypto wallets and empty them.

The latest iteration of the program has evolved to deploy a command that adds contacts to the device locally. If an attacker calls, they will appear on the caller ID under a seemingly legitimate name, such as “Bank Support,” making it more likely that targets will answer and trust the contact. As Bleeping Computer reports, the fake contact is not connected to your Google account, so it will only show up on the compromised device and not on others you’re signed into.
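Because the planted contact exists only on the device, a review of device-only contacts can surface it. The sketch below is an added example, not code from the article or from the researchers it cites: it assumes contact rows dumped over USB debugging with `adb shell content query`, assumes that device-only contacts show `account_type=NULL` (or a vendor-specific local type), and uses an illustrative keyword list.

```python
import re

# Assumed line format of:
#   adb shell content query --uri content://com.android.contacts/raw_contacts \
#       --projection _id:display_name:account_type:account_name
ROW = re.compile(
    r"^Row: \d+ _id=(?P<id>\d+), display_name=(?P<name>.*), "
    r"account_type=(?P<type>.*), account_name=(?P<account>.*)$"
)

# Account types treated as device-only (assumption; varies by vendor).
LOCAL_TYPES = {"NULL", "vnd.sec.contact.phone"}

# Illustrative keywords for names that imitate an institution.
KEYWORDS = ("bank", "support", "security", "fraud", "helpdesk")


def parse_rows(dump):
    """Parse each 'Row:' line of the dump into a dict of column values."""
    rows = []
    for line in dump.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def suspicious_local_contacts(dump):
    """Return device-only contacts whose name imitates an institution."""
    hits = []
    for row in parse_rows(dump):
        local = row["type"] in LOCAL_TYPES
        name = row["name"].lower()
        if local and any(k in name for k in KEYWORDS):
            hits.append((int(row["id"]), row["name"]))
    return hits


# Constructed sample output, not taken from a real device.
SAMPLE = """\
Row: 0 _id=1, display_name=Alice Example, account_type=com.google, account_name=user@example.com
Row: 1 _id=2, display_name=Bank Support, account_type=NULL, account_name=NULL
Row: 2 _id=3, display_name=Mum, account_type=NULL, account_name=NULL
Row: 3 _id=4, display_name=Example Bank, account_type=com.google, account_name=user@example.com
"""

if __name__ == "__main__":
    for contact_id, name in suspicious_local_contacts(SAMPLE):
        print(f"review raw contact {contact_id}: {name!r}")
```

A hit is only a prompt to check whether you created that contact yourself; legitimate device-only contacts can match the keywords too.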

What Android users need to do

Initially, Crocodilus campaigns were limited to a few countries, but now the malware has spread worldwide, including to the United States. To avoid infecting your Android device, use Google Play to download trusted apps and software, and keep Play Protect enabled to catch as many threats as possible.


Of course, you should also be vigilant for signs of social engineering tactics that attackers use to trick you into installing malware or providing sensitive personal information. These phishing campaigns and other cyberattacks exploit human psychology using tricks like impersonating authority, and they typically play on emotions like fear or greed.

Never download attachments or click on links in unsolicited emails or texts; instead, go to websites directly. Call the company on its public number rather than trusting a number that calls you, unless you are sure the message is legitimate. Don’t respond to anything that seems urgent or evokes strong emotions. Also avoid clicking on ads, downloading software, or following instructions from social media, which can also carry malware.
