Bank Malware Adds Contacts to Infected Android Phones

By Netvora Tech News

---

Security researchers have discovered a new type of bank malware that adds contacts to infected Android phones, believed to be used for committing bank helpdesk fraud. The malware, named Crocodilus, spreads through Facebook ads that trick users into downloading and installing what they believe is a legitimate banking app, offering bonus points. Other ads mimic browser updates or those of an online casino.

Crocodilus Malware: A Bank Fraud Tool

The Crocodilus malware is specifically designed for bank fraud and allows attackers to remotely access infected devices. A notable feature is its ability to add contacts to the infected phone's contact list. Researchers at security firm ThreatFabric believe this is done to add a legitimate-sounding phone number, such as "bank helpdesk," allowing attackers to appear credible when calling the victim. This could also bypass fraud prevention measures that flag unknown phone numbers.

Cryptocurrency Wallets Targeted

Aside from bank accounts, the malware also targets cryptocurrency wallets. It attempts to steal seed phrases and private keys of certain wallets. Initially, the malware used social engineering tactics, but now it utilizes the AccessibilityLogging feature of Android to automatically collect seed phrases.

Global Campaigns Discovered

Researchers have found campaigns spreading the malware in various European countries as well as South America. The discovery highlights the need for continued vigilance in the fight against banking malware and the importance of staying informed about emerging threats.