216.73.217.22

Crocodilus Mobile Malware: Evolving Fast, Going Global

· Published 03/06/2025 19:16 · Modified 03/06/2025 21:14

Export JSON

Essential information

Published
03/06/2025 19:16
Modified
03/06/2025 21:14
Tags
2025-06-03 android banking trojan crocodilus cryptocurrency malvertising social engineering
Related entities
4 observables, 2 techniques (mitre), 1 malware, 9 others

Description

A new , , has rapidly evolved since its discovery in March 2025. Initially targeting Turkey, it has expanded to European countries and South America. The malware is distributed through malicious advertising on social networks, masquerading as banking and e-commerce apps. Recent developments include improved obfuscation techniques, the ability to add contacts to the victim's device, and an enhanced seed phrase collector for wallets. Campaigns have been observed targeting users in Poland, Spain, and multiple global locations. The malware's sophistication and expanding reach indicate a well-organized threat actor, posing an increasing risk to users and organizations worldwide.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (4)

  • rentvillcr.online
  • rentvillcr.homes
  • fb046b7d0e385ba7ad15b766086cd48b4b099e612d8dd0a460da2385dd31e09e
  • 6d55d90d021b0980528f56d040e78fa7b85a96f5c244e23f330f24c8e80c1cb2

Techniques (MITRE) (2)

  • T1102
    Web Service
  • T1027
    Obfuscated Files or Information

Malware (1)

  • Crocodilus
    Family
    Published 03/06/2025 19:16 · Modified 03/06/2025 19:16

Others (9)

  • British Indian Ocean Territory
  • India
  • Argentina
  • Poland
  • Spain
  • Indonesia
  • Brazil
  • United States of America
  • Finance

External references