Experts warn of the new sophisticate Crocodilus mobile banking Trojan

A new Android trojan called Crocodilus, discovered by ThreatFabric, exploits accessibility features to steal banking and cryptocurrency credentials. Primarily targeting users in Spain and Turkey, the malware uses overlay attacks, keylogging, and remote access to bypass Android 13 restrictions. Crocodilus is linked to the threat actor “sybra” and is capable of stealing OTP codes, controlling devices, and accessing cameras.