You may want to think twice before answering your phone — especially if it looks like your bank is calling. A dangerous new Android malware called Crocodilus has been making its way worldwide and is now more advanced than ever. Its latest feature? It can add fake contacts to your phone to make scam calls look like they’re from trusted sources.
Crocodilus was first discovered back in March by security experts at Threat Fabric. At the time, it was mainly attacking crypto users in Turkey. But now, it has gone global. The malware targets Android users in the United States, Spain, Argentina, Brazil, Indonesia, and India.
Cybersecurity firm Field Effect warns that Crocodilus uses a custom installer, known as a dropper, to get around Android’s built-in security. Unlike other malware, it doesn’t need permission from the user or access to Accessibility Services to get onto your device. It can even bypass Google’s Play Protect security feature, making it hard to detect or remove.
This malware is particularly worrying because of its new ability to create fake contact entries. If you visit a dodgy website and unknowingly download the malware, your phone might later show an incoming call from “Your Bank.” But it’s not your bank — it’s a hacker trying to steal your money.
Why this malware is so dangerous
Crocodilus is already packed with dangerous features. It can take full control of your phone, steal personal data, and even overlay fake login pages on top of your real banking apps. This trick is designed to steal your usernames and passwords.
With the new feature, scammers can now make you think that texts or calls are coming from your family, friends, or workplace. Imagine receiving a message from “Mum” asking you to send money urgently — when, in fact, it’s a hacker.
It’s also important to note that these fake contacts won’t appear on your other devices. They don’t sync to your Google account, so if you log in from another phone or computer, you won’t see them. They exist only on the infected phone, making them even more challenging to trace.
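Because the planted entries live only on the handset and belong to no sync account, one way to look for them is to list contacts that have no account attached. The script below is an added example, not from the article or from either security firm; it parses the text that Android’s `adb shell content query` prints for the raw_contacts table, with a constructed sample embedded so it runs offline, and the function names are made up for this illustration.

```shell
# Added example (not the article's code): flag contacts stored only locally on
# the device, i.e. raw contacts with no sync account, which is where the
# article says a planted entry such as "Your Bank" would sit.

# Constructed sample of what
#   adb shell content query --uri content://com.android.contacts/raw_contacts \
#     --projection _id:display_name:account_type:account_name
# prints. Android renders an absent account as the literal text NULL.
sample_raw_contacts() {
  cat <<'EOF'
Row: 0 _id=1, display_name=Alice Example, account_type=com.google, account_name=alice@example.com
Row: 1 _id=2, display_name=Your Bank, account_type=NULL, account_name=NULL
Row: 2 _id=3, display_name=Work, account_type=com.google, account_name=alice@example.com
Row: 3 _id=4, display_name=Mum, account_type=NULL, account_name=NULL
EOF
}

# Read query output on stdin; print the display name of every raw contact whose
# account_type is NULL (device-local, never synced), one per line, sorted.
# Display names containing a comma are not handled by this simple pattern.
local_only_contacts() {
  sed -n 's/.*display_name=\([^,]*\), account_type=NULL,.*/\1/p' | sort
}

# Number of flagged entries in the constructed sample.
count_local_only() {
  sample_raw_contacts | local_only_contacts | wc -l | tr -d ' '
}

# On a real handset with USB debugging enabled (an assumption about the setup),
# feed the live query into the same filter:
#   adb shell content query --uri content://com.android.contacts/raw_contacts \
#     --projection _id:display_name:account_type:account_name | local_only_contacts
# A local-only contact is not proof of infection: people do save contacts to
# the phone only. Treat a hit as something to check against contacts you
# knowingly created, not as a verdict.
```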
Experts don’t know exactly how users are being tricked into downloading the malware. But it’s believed to be spreading through shady websites, fake adverts on social media, scam messages, and untrustworthy app stores.
How to stay protected
Keeping your phone safe from malware like Crocodilus requires a few simple steps. First, try to limit the number of apps on your phone. The fewer apps you have, the easier it is to keep them updated and secure.
Next, only download apps from trusted sources. Stick to the Google Play Store or official stores like Samsung Galaxy Store or the Amazon Appstore. Apps from third-party stores often skip security checks and are more likely to be infected.
Make sure Google Play Protect is turned on. It’s a free tool that checks your apps for malware and alerts you if something’s wrong. But since some threats, like Crocodilus, can sneak past it, it’s also worth installing a reliable antivirus app for Android.
If you want added protection, identity theft protection services can help you recover if a scam has hit you. These services often include support to recover lost funds and repair your credit.
Crocodilus is still new, but it’s already changing quickly and being used in more places. That means it’s likely to grow more dangerous in the coming months. Staying alert, being cautious about what you download, and using good security tools can help you stay ahead of the threats.