Cybersecurity firm Threat Fabric says it has found a new family of mobile-device malware that can launch a fake overlay for certain apps to trick Android users into providing their crypto seed phrases as it takes over the device.
Threat Fabric analysts said in a March 28 report that the Crocodilus malware uses a screen overlay warning users to back up their crypto wallet key by a specific deadline or risk losing access.
“Once a victim provides a password from the application, the overlay will display a message: Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet,” Threat Fabric said.
“This social engineering trick guides the victim to navigate to their seed phrase wallet key, allowing Crocodilus to harvest the text using its accessibility logger.”
Source: <a