A new version of the Android malware Crocodilus has introduced a deceptive feature that adds fake contacts to victims’ devices, allowing attackers to spoof calls from trusted sources.
Originally detected in March 2025 by ThreatFabric researchers, Crocodilus was first seen in limited campaigns in Turkey and relied on basic social engineering tactics.
The latest versions of Crocodilus add code packing in the dropper, an XOR encryption layer for the payload, advanced code convolution, and local parsing of stolen data before exfiltration.
To avoid infection, Android users should download apps only from Google Play or reputable sources, enable Google Play Protect, and limit app installations to essential ones, because Crocodilus is an evolving and increasingly dangerous threat.