Technology
Android malware poses as fake contacts to steal your personal data
NEWYou can now listen to Fox News articles!
Hacking keeps evolving, just like any other profession. Cybercriminals are always upgrading their tools, especially malware, to find new ways to scam people and steal data or money. The old tricks no longer work as well. Basic phishing rarely fools anyone twice, so hackers constantly look for new ways to break in.
They rely on whatever grabs your attention and doesn’t raise suspicion, things like social media ads, fake banking apps or updates that look completely normal. One of the fastest-growing threats in this space is Crocodilus.
First detected in early 2025, this Android banking Trojan takes over your contact list to make its scams look more legitimate and harder to spot.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join.
Android phone (Kurt “CyberGuy” Knutsson)
Crocodilus malware: What Android users must know now
The Crocodilus malware was first documented by ThreatFabric cybersecurity researchers in late March 2025. They highlighted its extensive data theft and remote control capabilities.
Crocodilus uses Facebook to infect devices. It appears in ads that look normal, but once clicked, the malware installs itself on your device. In some cases, it mimicked banking and e-commerce apps in Poland, promising users free points in exchange for downloading an app. The link led to a fake site that delivered the malware. Although the ad was only live for a few hours, it still reached thousands of users, most of whom were over 35, a group more likely to have money in the bank.
Smaller but growing campaigns have also been reported in the United States, where Crocodilus disguised itself as crypto wallet tools, mining apps and financial services. These fake apps are often distributed through social media ads or phishing links, targeting Android users who are less likely to question a “legit-looking” financial app. While not yet widespread, the presence of Crocodilus in the U.S. underscores its global reach and rapidly evolving tactics.
ANDROID SECURITY UPGRADES OUTSMART SCAMS AND PROTECT YOUR PRIVACY
The Trojan has also been spotted in Spain, where it disguised itself as a browser update, targeting nearly every major Spanish bank. In Turkey, it posed as an online casino app. And the threat doesn’t stop there.
One of the biggest concerns with Crocodilus is its ability to add fake contacts to your phone, inserting entries like “Bank Support” into your contact list. So, if an attacker calls pretending to be from your bank, your phone may not flag it because it appears to be a trusted number, making social engineering scams much more convincing.
The latest version also includes a more advanced seed phrase collector, especially dangerous for cryptocurrency users. Crocodilus monitors your screen and uses pattern matching to detect and extract sensitive data, such as private keys or recovery phrases, all before quietly sending it to the attacker.
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINS
How Crocodilus signals the future of mobile malware threats
Crocodilus shows us what the next wave of mobile threats might look like. It uses real ads to get into your phone. It blends into your digital life in ways that feel familiar. It does not need flashy tricks to succeed. It just needs to appear trustworthy.
This kind of malware is designed for scale. It targets large groups, works across different regions and updates fast. It can pretend to be a bank, a shopping app or even something harmless like a browser update. The scary part is how normal it all looks. People are not expecting something this malicious to hide inside something that looks like a gift.
The creators of Crocodilus understand how people think and act online. They are using that knowledge to build tools that work quietly and effectively. And they are not working alone. This kind of operation likely involves a network of developers, advertisers and distributors all working together.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
A woman working on her laptop with her phone nearby (Kurt “CyberGuy” Knutsson)
HR FIRM CONFIRMS 4M RECORDS EXPOSED IN MAJOR HACK
7 expert tips to protect your Android from Crocodilus malware
1. Avoid downloading apps from ads or unknown sources: Crocodilus often spreads through ads on social media platforms like Facebook. These ads promote apps that look like banking tools, e-commerce platforms or even crypto wallets. If you click and install one, you might be unknowingly downloading malware. Always search for apps directly on trusted platforms like the Google Play Store. Do not install anything from random links, especially those shared through ads, messages or unfamiliar websites.
2. Avoid suspicious links and install strong antivirus protection: Crocodilus spreads through deceptive ads and fake app links. These can look like legitimate banking tools, crypto apps or browser updates. Clicking on them may quietly install malware that hijacks your contacts, monitors your screen or steals login credentials. To stay safe, avoid clicking on links from unknown sources, especially those that promise rewards or warn of urgent problems. Installing strong antivirus software on your Android device adds another layer of protection. It can scan downloads, block malicious behavior and warn you about phishing attempts before they become a bigger issue. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
3. Review app permissions carefully before and after installation: Before you install an app, take a moment to look at the permissions it asks for. If a shopping app wants access to your contacts, messages or screen, that is a red flag. After installing, go to your phone settings and double-check what permissions the app actually has. Malware like Crocodilus relies on overreaching permissions to steal data and gain control. If anything seems unnecessary, revoke the access or uninstall the app entirely.
4. Keep your Android device updated at all times: Security patches are released regularly to block known vulnerabilities. Crocodilus is designed to take advantage of outdated systems and bypass newer Android restrictions. By updating your phone and apps regularly, you reduce the chances of malware slipping through. Set your device to install updates automatically when possible and check manually every so often if you are not sure.
5. Consider using a data removal or monitoring service: While not a direct defense against malware, data removal services can help minimize the damage if your information has already been leaked or sold. These services monitor your personal data on the dark web and offer guidance if your credentials have been compromised. In a case like Crocodilus, where malware may harvest and transmit banking info or crypto keys, knowing your data exposure early can help you act before scammers do. Check out my top picks for data removal services here.
Get a free scan to find out if your personal information is already out on the web
6. Turn on Google Play Protect: Google Play Protect is a built-in security feature on Android phones that scans your apps for anything suspicious. To stay protected, make sure it’s turned on. You can check this by opening the Play Store, tapping your profile icon and selecting Play Protect. From there, you can see if it’s active and run a manual scan of all your installed apps. While it may not catch everything, especially threats from outside the Play Store, it’s still an important first layer of defense against harmful apps like Crocodilus.
7. Be skeptical of unfamiliar contacts or urgent messages: One of the newer tricks Crocodilus uses is modifying your contact list. It can add fake entries that look like customer service numbers or bank helplines. So, if you receive a call from “Bank Support,” it might not be real. Always verify phone numbers through official websites or documents. The same applies to messages asking for personal details or urgent logins. When in doubt, do not respond or click any links. Contact your bank or service provider directly.
DON’T CLICK THAT LINK! HOW TO SPOT AND PREVENT PHISHING ATTACKS IN YOUR INBOX
Kurt’s key takeaway
Crocodilus is one of the most advanced Android banking Trojans seen so far. It spreads through social media ads, hides inside apps that look real and collects sensitive data like banking passwords and crypto seed phrases. It can also add fake contacts to your phone to trick you during scam calls. If you use Android, avoid downloading apps from links in ads or messages. Only install apps from trusted sources like the Google Play Store. Keep your phone updated, and be careful if something looks too good to be true because it probably is.
Who should be held accountable when malware like Crocodilus spreads through platforms like Facebook? Let us know by writing to us at Cyberguy.com/Contact.
For more of my tech tips anbd security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
It’s still hard to believe that Hollow Knight: Silksong actually came out this year, but now, we all have a new thing to wait for: the game is getting a free expansion in 2026, titled Sea of Sorrow. Team Cherry calls it the game’s “first big expansion.”
“New areas, bosses, tools, and more!” Team Cherry says in a blog post. “Hornet’s adventures continue in our nautically themed expansion, coming free for all players next year. We’ll keep further details a secret for now, but expect additional info shortly before Hollow Knight: Silksong – Sea of Sorrow releases.”
More than 7 million people bought Silksong, according to Team Cherry, and “millions more” played on Xbox Game Pass.
The original Hollow Knight is getting updated, too. Team Cherry is working on a Nintendo Switch 2 Edition of the game that “incorporates all the updates and enhancements that Silksong received on the platform: High frame-rate modes, higher resolutions, and many additional graphical effects.” Players who own the Switch version of the game will get the Nintendo Switch 2 Edition as a free update when it’s available in 2026.
Ahead of that launch, Team Cherry says it will be “updating all versions of the original game for current platforms, adding features and fixing bugs.” Those changes include “full 16:10 and 21:9 aspect ratio support for those of you with Steam Decks or ultrawide monitors,” and PC players can try the new updates in public beta.
NEWYou can now listen to Fox News articles!
Petco revealed a data breach that exposed sensitive customer information. The company disclosed the details in state filings after identifying a configuration in one of its software applications that made certain files accessible online. This issue has now been corrected, but the impact is significant.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS
Petco disclosed a breach that exposed customer data after a software setting left files accessible online. (Photographer: Tiffany Hagler-Geard/Bloomberg via Getty Images)
What Petco says the breach exposed
According to reports filed with the Texas attorney general’s office, the exposed data included names, Social Security numbers, driver’s license numbers, financial account details, credit or debit card numbers and dates of birth. Filings in California, Massachusetts and Montana confirm additional affected residents.
In California, companies must report breaches involving at least 500 state residents. Petco did not disclose the exact number, which suggests the real total is higher. For context, Petco said in 2022 that it served more than 24 million customers.
Petco says the company sent notifications to individuals whose information was involved. The sample notice released by the California attorney general explains that a software setting allowed certain files to be accessible online. Petco says it removed those files, corrected the setting and added new security measures.
The company is offering free credit and identity theft monitoring to victims in California, Massachusetts and Montana. It is not clear if similar support is being offered to affected Texas residents.
We reached out to Petco for comment, and a representative provided CyberGuy with the following statement,
“We recently identified a setting in one of our applications which inadvertently made certain Petco files accessible online. Upon identifying the issue, we took immediate steps to correct the error and began an investigation. We notified individuals whose information was involved and continue to monitor for further issues. We take this incident seriously. To help prevent something like this from happening again, we have taken and will continue to take steps to enhance the security of our network.”
What this breach means for you
A breach that exposes government IDs, financial numbers and birth dates creates long-term risks. Criminals use this mix of information to open accounts, take over existing ones or try to pass identity checks. Even if no fraud happens right away, exposed data can sit in criminal markets for years.
Ways to stay safe after a breach like this
You can take several steps today that help lower your risk and protect your identity going forward.
1) Place a credit freeze
A freeze blocks new credit accounts in your name. It also stops criminals from opening loans or credit cards with your stolen information. You can freeze your credit for free at Equifax, Experian and TransUnion.
2) Add two more freezes
Two additional freezes cover accounts that do not run through the major credit bureaus. Freeze ChexSystems to stop criminals from opening checking or savings accounts. Freeze NCTUE to block fake phone, cable or utility accounts.
3) Turn on account alerts
Set up alerts for banking, credit cards and online shopping accounts. Alerts help you spot suspicious activity fast.
4) Use a password manager
Strong passwords protect you from credential stuffing attacks. This happens when criminals take stolen passwords from one breach and try them on other sites. A password manager creates unique passwords for every account and helps you stop those attacks before they start.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com
5) Monitor your identity
If Petco offered you free identity theft monitoring, enroll as soon as possible. It helps you catch fraud that can happen months or years later.
Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com
WHY YOUR HOLIDAY SHOPPING DATA NEEDS A CLEANUP NOW
State filings show Petco customers had Social Security and financial information exposed in the breach. (Photo by Justin Sullivan/Getty Images)
6) Remove exposed personal data
Data broker sites collect and share personal details that fuel scams. Removing your information reduces your exposure and makes you a harder target.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
WHY SCAMMERS OPEN BANK ACCOUNTS IN YOUR NAME
Petco says it corrected the software issue and notified individuals whose information was compromised. (Photo by Paul Weaver/SOPA Images/LightRocket via Getty Images)
7) Watch for phishing and use strong antivirus software
Scammers often follow a breach with emails or texts that look real. Slow down and check every message before you click. A strong antivirus helps block malicious links and alerts you when something looks risky.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
Kurt’s key takeaways
Data breaches happen often, but this one involves information that can cause lasting harm. You can protect yourself with a few quick steps that reduce the chance of fraud and limit how far criminals can get with your data.
How much trust do you place in companies to protect your personal information? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Copyright 2025 CyberGuy.com. All rights reserved.
Amazon has launched a new AI feature in the Kindle app that gives spoiler-free answers to questions about the book you’re reading and confirmed that authors can’t opt out from the feature.
The company calls Ask this Book an “expert reading assistant” in its announcement and says that it’s capable of answering questions about “plot details, character relationships, and thematic elements,” all while avoiding spoilers by limiting its answers to content from the pages you’ve read so far. It’s essentially an in-book chatbot, accessible from the book menu or by highlighting a passage of text you want to ask about.
Amazon spokesperson Ale Iraheta told Publishers Lunch that the answers are “non-shareable and non-copyable” and only available to readers who’ve purchased or rented books. Iraheta also said that the feature is always on, noting that “there is no option for authors or publishers to opt titles out.”
Florida designates Muslim Brotherhood and CAIR as foreign terrorist organizations, DeSantis says
Student unearths 150-million-year-old dinosaur fossil on first day of Montana dig: ‘Very exciting’
‘We stay praying about it:’ Suspect in deadly Detroit hit and run charged
15 injured after San Francisco cable car comes to screeching halt
City Hall’s future is an opportunity for its leadership
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Video: Brown Student Has Survived Two School Shootings
DC police accused of manipulating crime stats as federal probe finds thousands of misclassified cases
All eyes on Italy as Mercosur deal hangs in the balance
Australia announces strict new gun laws. Here’s how it can act so swiftly
Video: Rob Reiner and His Wife Are Found Dead in Their Los Angeles Home
-
Alaska1 week agoHowling Mat-Su winds leave thousands without power
-
Texas1 week agoTexas Tech football vs BYU live updates, start time, TV channel for Big 12 title
-
Washington7 days agoLIVE UPDATES: Mudslide, road closures across Western Washington
-
Iowa1 week agoMatt Campbell reportedly bringing longtime Iowa State staffer to Penn State as 1st hire
-
Iowa3 days agoHow much snow did Iowa get? See Iowa’s latest snowfall totals
-
Iowa1 day agoAddy Brown motivated to step up in Audi Crooks’ absence vs. UNI
-
Miami, FL1 week agoUrban Meyer, Brady Quinn get in heated exchange during Alabama, Notre Dame, Miami CFP discussion
-
Cleveland, OH1 week agoMan shot, killed at downtown Cleveland nightclub: EMS