Dangerous new Android malware adds fake contacts to your phone while draining bank accounts — how to stay safe

A new Android malware strain making the rounds online was recently updated with the ability to add fake contacts to your phone, which makes it incredibly difficult to tell who’s actually calling you.

As reported by BleepingComputer, the malware in question is called Crocodilus, and it was first discovered back in March of this year by ThreatFabric. While it was initially used to target crypto users in Turkey to drain their wallets, the malware is now being distributed on a global scale and is currently being used to target Android phones in the U.S., Spain, Argentina, Brazil, Indonesia and India.

In a blog post, the cybersecurity firm Field Effect explains that Crocodilus is distributed using a custom dropper so that it can bypass Android’s built-in security measures. For instance, it doesn’t need access to Android’s Accessibility Services or other user permissions to end up on a vulnerable smartphone. Likewise, it’s also able to bypass the built-in defenses of Google Play Protect.

Crocodilus’ latest ability is particularly worrying since hackers can easily use it in social engineering attacks. For instance, you might see a call come through from your bank after visiting a malicious website on your phone. However, since Crocodilus can now be used to add fake contacts to your phone, it could actually be hackers on the other end of the line trying to scam you out of your hard-earned cash.

Here’s everything you need to know about this new threat, including some tips and tricks to help you stay safe from hackers trying to infect your smartphone with malware.

Even your contacts can’t be trusted

Though still quite new, Crocodilus is already a full-featured Android malware with loads of malicious capabilities. For example, it can remotely take over your smartphone, steal data from it and use overlay attacks to mimic popular financial and banking apps to steal your credentials.

Now, the latest version of Crocodilus adds the ability to create fake contacts on a victim’s phone. Once this is done, the device will display the name listed in the caller’s contact profile instead of the caller ID when a call comes in.

With this new capability, hackers using the Crocodilus malware in their attacks can easily impersonate banks, trusted companies and even your friends and family members. Given that more people text than call these days, potential victims could easily fall for a text that appears to come from a friend or family member asking them to send money in an emergency, and never realize they had been tricked.

It’s also worth noting that these fake contacts aren’t tied to your Google account. Instead, they remain on an infected phone and won’t sync with your other devices once you log in to them.
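An added example (not from the original article or from Field Effect): because the fake contacts stay on the device rather than syncing to a Google account, one way to review a phone is to list raw contacts that have no synced account behind them. The sample input is constructed and modelled on the output of `adb shell content query --uri content://com.android.contacts/raw_contacts --projection _id:account_type:account_name:display_name`; the row format and the `SYNCED_TYPES` set are assumptions.

```python
import re

# Constructed sample of `adb shell content query` output for the
# raw_contacts table (not taken from a real device).
SAMPLE = """\
Row: 0 _id=1, account_type=com.google, account_name=user@example.com, display_name=Mom
Row: 1 _id=2, account_type=com.google, account_name=user@example.com, display_name=Smith, Dana
Row: 2 _id=3, account_type=NULL, account_name=NULL, display_name=Bank Support
Row: 3 _id=4, account_type=vnd.sec.contact.phone, account_name=vnd.sec.contact.phone, display_name=Old SIM entry
"""

COLUMNS = ("_id", "account_type", "account_name", "display_name")
# Split only at ", <known column>=" so commas inside a display name survive.
_FIELD_SEP = re.compile(r", (?=(?:%s)=)" % "|".join(COLUMNS))
# Assumption: account types that sync contacts to a cloud account.
SYNCED_TYPES = {"com.google"}


def parse_rows(text):
    """Turn 'Row: N key=value, ...' lines into dicts; 'NULL' becomes None."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"Row: \d+ (.*)$", line.strip())
        if not m:
            continue
        row = {}
        for field in _FIELD_SEP.split(m.group(1)):
            key, _, value = field.partition("=")
            row[key] = None if value == "NULL" else value
        rows.append(row)
    return rows


def device_only_contacts(rows):
    """Return raw contacts that are not bound to a synced account."""
    return [r for r in rows if r.get("account_type") not in SYNCED_TYPES]


if __name__ == "__main__":
    for r in device_only_contacts(parse_rows(SAMPLE)):
        print(r["_id"], r["display_name"], r["account_type"] or "(no account)")
```

Device-only entries are not malicious by themselves, since SIM and phone-storage contacts look the same, so treat the output as a list to review by hand, paying attention to names that imitate a bank or support line.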

At this time, it’s unknown how Android users are being tricked into infecting their phones with the Crocodilus malware. However, Field Effect’s researchers suggest that the malware is likely being distributed via malicious sites, fake promotions sent through social media or via text, and third-party app stores.

How to stay safe from Android malware

You can never be too careful on your phone and this is especially true with new malware strains like Crocodilus. From clicking a bad link to downloading a malicious app, there are plenty of ways in which your devices can become infected with a virus.

For this reason, I always recommend limiting the number of apps on your phone. This is because even good apps can go bad when injected with malicious code and it’s always easier to ensure that the apps you do have installed are up to date when there are few of them overall.

At the same time, you want to stick to downloading new apps from the Google Play Store or other first-party Android app stores like the Samsung Galaxy Store or the Amazon App Store. The reason is that the apps on unofficial, third-party app stores don’t go through the same rigorous security checks that they would on other platforms.

To stay safe from Android malware, first and foremost, you want to make sure that Google Play Protect is enabled on your smartphone. This free security tool scans all of the new apps you download as well as any existing apps on your phone for malware and other threats. However, as hackers will often find ways to bypass Android’s built-in security tools like we’ve seen here, you may also want to consider downloading and installing one of the best Android antivirus apps for extra protection.

If you want to be extra safe, though, the best identity theft protection services can help you regain your identity and any funds lost to fraud after a major malware attack.

Given that the Crocodilus malware has already been updated quite frequently despite it being fairly new, I expect this won’t be the last we hear of this Android malware strain, especially now that hackers are using it in attacks in even more countries.

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
