The Android malware Crocodilus, one of the most insidious banking trojans discovered in 2025, has been updated with a feature that marks a leap in quality for its social engineering: the ability to inject fake contacts directly into the address book of the compromised device.

Analyzed by ThreatFabric, Crocodilus was already known for an arsenal of advanced techniques: overlay phishing with UI spoofing to steal credentials, keylogging that monitors every single input, and abuse of Android accessibility services to bypass security mechanisms, all aimed at emptying bank accounts and crypto wallets.

The new capability lets the malware automatically create false entries in the address book, using the names of “reliable” contacts such as “bank support”. The trick makes incoming calls appear to come from trusted numbers, an ingenious bypass of anti-fraud systems, which usually block or ignore calls from unknown or anonymous numbers.

The interesting technical detail is that these fake contacts are not synchronized to the cloud or to the Google account and remain only on the local device. This means that persistence is limited to the infected device, but the risk for the user remains very high, as the scam gains in credibility and realism.
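A triage check for the artifact described above, added here as an example and not taken from ThreatFabric's analysis: it flags contacts that exist only locally and carry a trust-evoking name. It assumes the input is the text printed by `adb shell content query --uri content://com.android.contacts/raw_contacts --projection _id:display_name:account_type:account_name`; the keyword list beyond "bank support", the synced account types and the sample rows are constructed for illustration.

```python
import re

# Display-name fragments that imitate a trusted caller. "bank support" is the
# article's example; the other entries are assumptions added for illustration.
LURE_WORDS = ("bank", "support", "security", "fraud", "helpdesk")
# Account types treated as cloud-synced (assumed list; extend it with any other
# sync accounts in use, otherwise their contacts are reported as local).
SYNCED_TYPES = {"com.google"}

ROW = re.compile(r"^Row: \d+ (.*)$")

def parse_rows(dump):
    """Parse `content query` output lines into dicts of column -> value."""
    rows = []
    for line in dump.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        fields = {}
        # Split only on ", " that starts a new "column=" pair, so commas
        # inside a display name stay part of the name.
        for part in re.split(r", (?=\w+=)", m.group(1)):
            key, _, value = part.partition("=")
            fields[key] = None if value == "NULL" else value
        rows.append(fields)
    return rows

def suspicious_contacts(dump):
    """Return raw contacts that are local-only and named like a trusted party."""
    hits = []
    for row in parse_rows(dump):
        name = (row.get("display_name") or "").lower()
        local_only = row.get("account_type") not in SYNCED_TYPES
        if local_only and any(word in name for word in LURE_WORDS):
            hits.append(row)
    return hits

# Constructed sample output, not taken from a real device.
SAMPLE = """\
Row: 0 _id=1, display_name=Maria Rossi, account_type=com.google, account_name=user@example.com
Row: 1 _id=2, display_name=Bank Support, account_type=NULL, account_name=NULL
Row: 2 _id=3, display_name=Plumber, Luca, account_type=NULL, account_name=NULL
Row: 3 _id=4, display_name=My Bank Branch, account_type=com.google, account_name=user@example.com
"""

if __name__ == "__main__":
    for c in suspicious_contacts(SAMPLE):
        print(f"review contact _id={c['_id']}: {c['display_name']!r} (local only)")
```

A hit is a prompt for manual review, not proof of infection: users also create local contacts for their bank themselves.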

In terms of distribution, Crocodilus has expanded its range of action: originally widespread mainly in Türkiye, the trojan is now propagating globally through counterfeit APKs, unofficial alternative stores, phishing campaigns via email and malicious links spread on social networks.

To protect yourself from threats such as Crocodilus, download apps exclusively from official stores such as Google Play, always check the requested permissions and the reviews before installation, and remain vigilant for abnormal phone behavior such as sudden slowdowns, unusual battery consumption or suspicious data traffic.

Crocodilus confirms that mobile threats are becoming more and more sophisticated, leveraging advanced social engineering techniques and turning even legitimate operating system functionality into attack tools. Those who use or develop for Android must maintain a high level of attention and constantly update their defense strategies.