Android malware Crocodilus adds fake contacts to spoof trusted callers

The latest version of the 'Crocodilus' Android malware has introduced a new mechanism that adds a fake contact to an infected device's contact list to deceive victims when they receive calls from the threat actors. This feature was introduced along with several others, mostly evasion-focused improvements, as the malware appears to have expanded its targeting scope worldwide. Crocodilus goes global The malware was first documented by Threat Fabric researchers in late March 2025, who highlighted its extensive data-theft and remote control capabilities. Those early versions also featured elementary attempts at social engineering via bogus error messages requesting the user's cryptocurrency wallet key to be "backed up" within 12 hours or lose access to it. At the time, Crocodilus was only seen in a few small-scale campaigns in Turkey. This has now changed, according to Threat Fabric, which continued monitoring the malware operation and observed that Crocodilus has expanded its target ... Read full article.