04 Jun, 2025
This devious Android malware adds fake contacts to your phone to spoof trusted callers
@Source: techradar.com
Sead Fadilpašić, 4 June 2025

That call from "bank support" might end up being a scam, after all

- Crocodilus Android trojan has been updated with new features
- Among them is the ability to add a fake contact and trick people into accepting calls
- The contacts don't sync with Google, experts say

Security researchers have spotted a new Android malware variant called Crocodilus, and what makes it stand out is the ability to add new contacts to the target device’s contacts list.
Crocodilus was first spotted in late March 2025 by security researchers Threat Fabric, when it was described as a “highly capable mobile banking Trojan” using different techniques such as overlay attacks, keylogging, and abuse of Android’s Accessibility Services, to steal sensitive data, access people’s bank accounts, steal cryptocurrency, and more.

Now, the researchers are claiming the Trojan is evolving to bypass classic defense mechanisms and wreak even more havoc. One of the key newly introduced features is the ability to modify the contact list on an infected device.

Bank support

“Upon receiving the command ‘TRU9MMRHBCRO’, Crocodilus adds a specified contact to the victim’s contact list,” Threat Fabric explained.

The goal of this feature is not only to increase the attacker’s control over the device, but also to make attacks harder to detect.

“We believe the intent is to add a phone number under a convincing name such as ‘Bank Support’, allowing the attacker to call the victim while appearing legitimate,” the researchers explained. “This could also bypass fraud prevention measures that flag unknown numbers.”

The good news is that the fake contact will not make it into people’s Google accounts, so it won’t show up on other devices.
Numerous other improvements were introduced in the latest version as well, mostly focused on evading traditional detection mechanisms. Furthermore, the malware now seems to have expanded its target scope, from focusing mostly on Turkey to going global.

Android malware and Trojans are usually distributed through fake and third-party app stores, social media channels, and email. Therefore, users are advised to only download Android apps from reputable sources (such as the Google Play Store or Galaxy Store), and to be careful even there. Reading through the reviews, minding the download count, and checking the developer’s reputation are good ways to spot malware.

Via BleepingComputer