Researchers have discovered new Android malware named “Crocodilus,” which is more advanced than its predecessors. The malware initiates a multi-stage infection chain that prompts users to enable accessibility services so that it can function optimally. Crocodilus places overlays over legitimate banking or cryptocurrency apps to steal user credentials. It also employs a “hidden” mode to allow seamless fraudulent transactions. Notably, the malware, which has potential links to the Ermac fork “MetaDroid” and the “sybra” threat actor, uniquely exploits Android’s accessibility services.

New KoiLoader Abuses PowerShell Scripts to Deliver Malicious Payload
Researchers have uncovered a new strain of the advanced KoiLoader malware, believed to be distributed through phishing emails posing as bank statements. The malware employs