This devious Android malware adds fake contacts to your phone to spoof trusted callers
@Source: techradar.com
Sead Fadilpašić
4 June 2025
That call from "bank support" might end up being a scam, after all
Crocodilus Android trojan has been updated with new features
Among them is the ability to add a fake contact and trick people into accepting calls
The contacts don't sync with Google, experts say
Security researchers have spotted a new Android malware variant called Crocodilus, and what makes it stand out is the ability to add new contacts to the target device’s contacts list.
Crocodilus was first spotted in late March 2025 by security researchers Threat Fabric, when it was described as a “highly capable mobile banking Trojan” using different techniques such as overlay attacks, keylogging, and abuse of Android’s Accessibility Services, to steal sensitive data, access people’s bank accounts, steal cryptocurrency, and more.
Now, the researchers are claiming the Trojan is evolving to bypass classic defense mechanisms and wreak even more havoc. One of the key newly introduced features is the ability to modify the contact list on an infected device.
Bank support
“Upon receiving the command “TRU9MMRHBCRO”, Crocodilus adds a specified contact to the victim’s contact list,” Threat Fabric explained.
The goal of this feature is not only to increase the attacker’s control over the device, but also to make attacks harder to detect.
“We believe the intent is to add a phone number under a convincing name such as “Bank Support”, allowing the attacker to call the victim while appearing legitimate,” the researchers explained. “This could also bypass fraud prevention measures that flag unknown numbers.”
The good news is that the fake contact will not make it into people’s Google accounts, so it won’t show up on other devices.
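A defender-side triage check built on that observation, added here as an example and not taken from Threat Fabric or the article: it flags device-only contacts with support-style names. It assumes raw contacts were exported with `adb shell content query` in the `Row: N col=value, ...` format, that Google-synced entries carry the account type `com.google`, and that the keyword list and sample rows (all constructed) suit the environment.

```python
import re

# Constructed sample, in the format assumed for:
#   adb shell content query --uri content://com.android.contacts/raw_contacts \
#       --projection _id:display_name:account_type
# Names and account types below are made up for this example.
SAMPLE = """\
Row: 0 _id=1, display_name=Alice Example, account_type=com.google
Row: 1 _id=2, display_name=Bank Support, account_type=NULL
Row: 2 _id=3, display_name=Dentist, account_type=NULL
Row: 3 _id=4, display_name=Card Services Helpdesk, account_type=vnd.sec.contact.phone
Row: 4 _id=5, display_name=Support, Bank of Example, account_type=com.google
"""

COLUMNS = ("_id", "display_name", "account_type")
SYNCED_TYPES = {"com.google"}  # assumption: only these sync to a Google account
# Hypothetical lure keywords; tune for the languages and banks in scope.
LURE = re.compile(r"\b(bank|support|helpdesk|security|fraud|card)\b", re.I)
# Split on known column names so commas inside a display name survive.
SPLITTER = re.compile(r"(?:^|, )(%s)=" % "|".join(map(re.escape, COLUMNS)))


def parse_rows(text):
    """Yield one dict per 'Row:' line of content-query output."""
    for line in text.splitlines():
        m = re.match(r"Row: \d+ (.*)$", line)
        if not m:
            continue
        parts = SPLITTER.split(m.group(1))  # ['', col, val, col, val, ...]
        yield dict(zip(parts[1::2], parts[2::2]))


def suspicious_local_contacts(text):
    """Return (id, name) for non-synced raw contacts with a support-style name."""
    hits = []
    for row in parse_rows(text):
        device_only = row.get("account_type") not in SYNCED_TYPES
        if device_only and LURE.search(row.get("display_name", "")):
            hits.append((int(row["_id"]), row["display_name"]))
    return hits


if __name__ == "__main__":
    for rid, name in suspicious_local_contacts(SAMPLE):
        print(f"review raw_contact {rid}: {name!r} (device-only, support-style name)")
```

A hit is a prompt for manual review, not proof of infection: users also create local contacts themselves.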
Numerous other improvements were introduced in the latest version as well, mostly focused on evading traditional detection mechanisms. The malware also seems to have expanded its target scope, from focusing mostly on Turkey to going global.
Android malware and Trojans are usually distributed through fake and third-party app stores, social media channels, and email.
Therefore, users are advised to only download Android apps from reputable sources (such as the Google Play Store or Galaxy Store), and to remain careful even there. Reading through the reviews, minding the download count, and checking the developer’s reputation is a good way to spot malware.
Via BleepingComputer