Anthropic just released Claude Fable 5, calling it the most powerful AI model it has ever made widely available and praising its skills in biology, among others. But the model won’t answer basic biology questions — the kind you’d expect a high schooler to handle. Instead, it hands off the query to the former flagship model, Claude Opus 4.8.
Technology
Android malware poses as fake contacts to steal your personal data
NEWYou can now listen to Fox News articles!
Hacking keeps evolving, just like any other profession. Cybercriminals are always upgrading their tools, especially malware, to find new ways to scam people and steal data or money. The old tricks no longer work as well. Basic phishing rarely fools anyone twice, so hackers constantly look for new ways to break in.
They rely on whatever grabs your attention and doesn’t raise suspicion, things like social media ads, fake banking apps or updates that look completely normal. One of the fastest-growing threats in this space is Crocodilus.
First detected in early 2025, this Android banking Trojan takes over your contact list to make its scams look more legitimate and harder to spot.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join.
Android phone (Kurt “CyberGuy” Knutsson)
Crocodilus malware: What Android users must know now
The Crocodilus malware was first documented by ThreatFabric cybersecurity researchers in late March 2025. They highlighted its extensive data theft and remote control capabilities.
Crocodilus uses Facebook to infect devices. It appears in ads that look normal, but once clicked, the malware installs itself on your device. In some cases, it mimicked banking and e-commerce apps in Poland, promising users free points in exchange for downloading an app. The link led to a fake site that delivered the malware. Although the ad was only live for a few hours, it still reached thousands of users, most of whom were over 35, a group more likely to have money in the bank.
Smaller but growing campaigns have also been reported in the United States, where Crocodilus disguised itself as crypto wallet tools, mining apps and financial services. These fake apps are often distributed through social media ads or phishing links, targeting Android users who are less likely to question a “legit-looking” financial app. While not yet widespread, the presence of Crocodilus in the U.S. underscores its global reach and rapidly evolving tactics.
ANDROID SECURITY UPGRADES OUTSMART SCAMS AND PROTECT YOUR PRIVACY
The Trojan has also been spotted in Spain, where it disguised itself as a browser update, targeting nearly every major Spanish bank. In Turkey, it posed as an online casino app. And the threat doesn’t stop there.
One of the biggest concerns with Crocodilus is its ability to add fake contacts to your phone, inserting entries like “Bank Support” into your contact list. So, if an attacker calls pretending to be from your bank, your phone may not flag it because it appears to be a trusted number, making social engineering scams much more convincing.
The latest version also includes a more advanced seed phrase collector, especially dangerous for cryptocurrency users. Crocodilus monitors your screen and uses pattern matching to detect and extract sensitive data, such as private keys or recovery phrases, all before quietly sending it to the attacker.
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINS
How Crocodilus signals the future of mobile malware threats
Crocodilus shows us what the next wave of mobile threats might look like. It uses real ads to get into your phone. It blends into your digital life in ways that feel familiar. It does not need flashy tricks to succeed. It just needs to appear trustworthy.
This kind of malware is designed for scale. It targets large groups, works across different regions and updates fast. It can pretend to be a bank, a shopping app or even something harmless like a browser update. The scary part is how normal it all looks. People are not expecting something this malicious to hide inside something that looks like a gift.
The creators of Crocodilus understand how people think and act online. They are using that knowledge to build tools that work quietly and effectively. And they are not working alone. This kind of operation likely involves a network of developers, advertisers and distributors all working together.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
A woman working on her laptop with her phone nearby (Kurt “CyberGuy” Knutsson)
HR FIRM CONFIRMS 4M RECORDS EXPOSED IN MAJOR HACK
7 expert tips to protect your Android from Crocodilus malware
1. Avoid downloading apps from ads or unknown sources: Crocodilus often spreads through ads on social media platforms like Facebook. These ads promote apps that look like banking tools, e-commerce platforms or even crypto wallets. If you click and install one, you might be unknowingly downloading malware. Always search for apps directly on trusted platforms like the Google Play Store. Do not install anything from random links, especially those shared through ads, messages or unfamiliar websites.
2. Avoid suspicious links and install strong antivirus protection: Crocodilus spreads through deceptive ads and fake app links. These can look like legitimate banking tools, crypto apps or browser updates. Clicking on them may quietly install malware that hijacks your contacts, monitors your screen or steals login credentials. To stay safe, avoid clicking on links from unknown sources, especially those that promise rewards or warn of urgent problems. Installing strong antivirus software on your Android device adds another layer of protection. It can scan downloads, block malicious behavior and warn you about phishing attempts before they become a bigger issue. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
3. Review app permissions carefully before and after installation: Before you install an app, take a moment to look at the permissions it asks for. If a shopping app wants access to your contacts, messages or screen, that is a red flag. After installing, go to your phone settings and double-check what permissions the app actually has. Malware like Crocodilus relies on overreaching permissions to steal data and gain control. If anything seems unnecessary, revoke the access or uninstall the app entirely.
4. Keep your Android device updated at all times: Security patches are released regularly to block known vulnerabilities. Crocodilus is designed to take advantage of outdated systems and bypass newer Android restrictions. By updating your phone and apps regularly, you reduce the chances of malware slipping through. Set your device to install updates automatically when possible and check manually every so often if you are not sure.
5. Consider using a data removal or monitoring service: While not a direct defense against malware, data removal services can help minimize the damage if your information has already been leaked or sold. These services monitor your personal data on the dark web and offer guidance if your credentials have been compromised. In a case like Crocodilus, where malware may harvest and transmit banking info or crypto keys, knowing your data exposure early can help you act before scammers do. Check out my top picks for data removal services here.
Get a free scan to find out if your personal information is already out on the web
6. Turn on Google Play Protect: Google Play Protect is a built-in security feature on Android phones that scans your apps for anything suspicious. To stay protected, make sure it’s turned on. You can check this by opening the Play Store, tapping your profile icon and selecting Play Protect. From there, you can see if it’s active and run a manual scan of all your installed apps. While it may not catch everything, especially threats from outside the Play Store, it’s still an important first layer of defense against harmful apps like Crocodilus.
7. Be skeptical of unfamiliar contacts or urgent messages: One of the newer tricks Crocodilus uses is modifying your contact list. It can add fake entries that look like customer service numbers or bank helplines. So, if you receive a call from “Bank Support,” it might not be real. Always verify phone numbers through official websites or documents. The same applies to messages asking for personal details or urgent logins. When in doubt, do not respond or click any links. Contact your bank or service provider directly.
DON’T CLICK THAT LINK! HOW TO SPOT AND PREVENT PHISHING ATTACKS IN YOUR INBOX
Kurt’s key takeaway
Crocodilus is one of the most advanced Android banking Trojans seen so far. It spreads through social media ads, hides inside apps that look real and collects sensitive data like banking passwords and crypto seed phrases. It can also add fake contacts to your phone to trick you during scam calls. If you use Android, avoid downloading apps from links in ads or messages. Only install apps from trusted sources like the Google Play Store. Keep your phone updated, and be careful if something looks too good to be true because it probably is.
Who should be held accountable when malware like Crocodilus spreads through platforms like Facebook? Let us know by writing to us at Cyberguy.com/Contact.
For more of my tech tips anbd security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Bluesky will be getting “communities,” which will function as smaller spaces where you can “go deeper and hang out with people who care about the same stuff” sometime this year, according to head of product Alex Benzer. They will be built on the decentralized AT Protocol that underpins Bluesky, with Benzer saying that “it’s a new structure for everyone” that’s part of the “Atmosphere” (a shorthand for the AT Protocol ecosystem).
Benzer listed out a “few ideas we have in mind so far” in a thread. “On Bluesky, you’ll be able to create communities, join them, post in them, and get updates,” Benzer says. “The core features on Bluesky stay simple. The magic comes from communities also existing on the open web. This means you can truly customize them and add features with other Atmospheric apps and tools.”
Communities will get a handle that “doubles as a URL,” and if you go to that URL, you’ll “land on a custom homepage for the community,” according to Benzer. “Builders can also host a completely custom experience there instead.” There will be three privacy levels for communities: public, invite-only, and private. And each community would have its own feed, Benzer says.
Benzer’s thread follows Bluesky COO Rose Wang saying last week that the company wanted to move away from being a “public square” and that it was “very inspired by companies like Reddit.” Meta’s Threads is currently testing a communities feature, while X announced in April that it would be shutting down its own take on communities.
NEWYou can now listen to Fox News articles!
Amazon is getting ready for Prime Day, and you can bet scammers are, too. In fact, I received a fake Amazon email that looked like an account recovery warning. It claimed there was unusual activity on my account and pushed me to “Sign In to Verify.”
That kind of message can make anyone uneasy. It certainly did for me. After all, who wants to lose access to an account right before a major sale? Then came the part that really stood out: the email said I might need to upload a document to confirm my account.
That was the giveaway. A real deal can save you money. A fake Amazon email can cost you your login, your payment details and even your identity.
Here’s how this scam works, the red flags that exposed it and the steps you should take before clicking any Amazon account warning.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
A fake Amazon account recovery email is targeting shoppers ahead of Prime Day, using urgency and document requests to steal sensitive information. (Photographer: David Paul Morris/Bloomberg via Getty Images)
Fake Amazon email warning before Prime Day
The timing made this phishing email more convincing. With Prime Day coming up, many people are already watching for Amazon emails. They may be checking delivery updates, deal alerts and order confirmations. That creates the perfect opening for a fake account warning.
The email used the same tricks you see in many phishing scams. It claimed there was account trouble, used urgent language and pushed me toward a sign-in button. That is exactly what scammers want.
Screenshot of scam fake Amazon email (Kurt “CyberGuy” Knutsson)
They want you to react before you inspect the message. They want you to sign in before you think through the request. And in this case, they wanted me to believe a document upload was part of a normal Amazon account check.
Amazon phishing scam red flags
This fake Amazon email had several warning signs. First, it landed in my junk folder. That alone does not prove fraud, but it should make you cautious.
Second, the subject line sounded awkward. It said, “Account Recovery: Sign-in and Verify your Amazon account.” That wording felt stiff and a little off.
Third, the greeting was generic. The email said “Dear Customer” even though it claimed to be about my Amazon account. That alone does not prove the email is fake, but it adds to the concern.
Fourth, the message created urgency. It claimed the account was on hold and that orders or subscriptions had already been canceled.
Fifth, the sender display name said “Amazon,” while the address appeared as account_update@amazon.com. That may look official at first. Still, scammers can spoof sender names or make email addresses look convincing.
Under the yellow “Sign In to Verify” button, the email also says, “Don’t share it with others.” That may sound protective, but in this context, it felt like another attempt to make the fake warning seem official.
The biggest warning sign came from the document request. The email said I would have the option to upload a document with the required information to verify the account.
That should stop you cold. Scammers may be after more than your Amazon password. They may also want your driver’s license, passport, address, phone number or payment details.
Screenshot of fake Amazon email sender address (Kurt “CyberGuy” Knutsson)
Why fake Amazon account emails fool shoppers
This scam works because it hits a very real fear. Most people do not want to lose access to an online shopping account. That concern grows when a big sale is about to start. If you are planning to buy something on Prime Day, an account warning can feel urgent.
The email also borrowed Amazon’s familiar look. It used the Amazon name, a logo area and a yellow sign-in button. It also included a footer that appeared to show an Amazon.com link. That can make the message feel safer than it really is.
Here is the problem. The visible link text in an email can mislead you. A link can appear to point to Amazon while sending you somewhere else. It can also pass through tracking links, redirects or look-alike pages. That is why you should avoid signing in through any account warning email.
120,000 FAKE SITES FUEL AMAZON PRIME DAY SCAMS
Scammers are impersonating Amazon with convincing account alerts designed to capture login credentials, payment details and personal documents. (Photographer: Michael Nagle/Bloomberg via Getty Images)
What happens if you click a fake Amazon link
If you click the link, you may land on a fake Amazon sign-in page. It may look close enough to fool you. Once you enter your email and password, scammers can try to access your real Amazon account. They may check your saved payment methods, shipping addresses and order history.
They may also try that same password on other websites. That becomes a bigger risk if you reuse passwords.
The document request adds another layer of danger. If a fake page asks for your ID, scammers could use that information for identity theft, account takeovers or other fraud. That is why one quick click can turn into a much bigger mess.
Ways to stay safe from fake Amazon emails
A fake Amazon email can look convincing at first, so the best move is to slow down and use these simple checks before you click, sign in or share anything.
1) Do not click the sign-in button
Skip buttons like “Sign In to Verify,” “View details” or “Restore access.” Open the Amazon app or type Amazon.com into your browser yourself.
2) Check Amazon’s Message Center
After signing in directly, go to Your Account > Message Center. If the alert is real, you should see a matching message there.
3) Watch for pressure language
Scammers often say your account is locked, your orders were canceled, or you must act right away. That pressure is designed to make you click before thinking.
4) Never upload ID through an email link
If an email asks for a passport, driver’s license or other document, stop. Contact Amazon through the app or website before sending anything.
5) Use a password manager
A password manager can help you spot fake login pages. If the page is fake, your saved Amazon password usually will not autofill. Check out the best expert-reviewed password managers of 2026 at CyberGuy.com.
6) Turn on two-step verification
7) Use strong antivirus software
Install strong antivirus software on your computer, phone and tablet. Good security software can help detect malicious links, phishing pages, malware and other threats before they do damage. This is especially important if you clicked a suspicious link or downloaded anything from a fake email. Security software should back up your smart habits, not replace them. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
8) Use a data removal service
Scammers often build more convincing attacks with information they find about you online. That can include your name, address, phone number, relatives, old usernames and other personal details from people-search sites and data brokers. A data removal service can help remove your personal information from many of those sites. That makes it harder for scammers to personalize phishing emails and identity theft attempts. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.
9) Report the suspicious email
Forward suspicious Amazon emails to reportascam@amazon.com. Then delete the message from your inbox or junk folder.
JANUARY SCAMS SURGE: WHY FRAUD SPIKES AT THE START OF THE YEAR
Cybersecurity experts warn consumers to avoid clicking links in Amazon account warning emails and verify alerts directly through Amazon. (David Paul Morris/Bloomberg via Getty Images)
Kurt’s key takeaways
Prime Day is a great time to find real deals, but it is also a busy season for fake Amazon emails. Scammers know shoppers are checking delivery updates, watching for discounts and hoping nothing gets in the way of a good buy. That is what made this email so sneaky. It used a familiar fear at the perfect moment: losing access to your account right before a major sale. The safest move is to slow down before you click. Do not trust the button. Do not trust the sender name alone. Open the Amazon app or type Amazon.com into your browser and check your account yourself.
Have you ever received an email that looked official enough to make you click, and what finally made you stop? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
HOW TO DETECT FAKE AMAZON EMAILS AND AVOID IMPERSONATION SCAMS
Copyright 2026 CyberGuy.com. All rights reserved.
It isn’t because Fable doesn’t know the answers. It’s because Anthropic won’t let it, by design.
Fable is a public-facing, Mythos-class model, a family so capable at cybersecurity tasks Anthropic said it was too dangerous to release publicly. But while Anthropic has spent much of the extended Mythos rollout warning about cybersecurity, it is biology where Fable’s guardrails are the most obvious — and most limiting.
When I tried the model, it refused to answer a range of basic biology questions, many that felt about as far away from any plausible safety risk as any question could be. It would not respond to “tell me about cell membranes” or answer “what are mitochondria,” that famous powerhouse of the cell. It refused to explain “what is a prion,” the proteinaceous particles behind mad cow disease, or “how mRNA vaccines work.”
“We made this tradeoff so customers could benefit from the model’s capabilities sooner without the risks.”
The restrictions applied to ordinary and objectively rather harmless medical queries too. Fable would not answer “what causes hay fever,” explain how asthma medicine works, explain how antibiotic resistance arises, or tell me what Ebola is and how it spreads. Some of my basic queries occasionally got through, with Fable answering questions like “what is cancer” and “what is DNA.” When Fable refused, Opus 4.8 generally answered perfectly well.
Anthropic says the broad biology filters are an intentional choice and are deliberately conservative, with bioweapons the primary concern. “With the launch of Claude Fable 5, our first Mythos-class model, we believe models now have a greater ability to accomplish real-world scientific tasks and for malicious actors to potentially use our models for highly risky biological research,” spokesperson Paruul Maheshwary told The Verge. “We have always used classifiers to block our models from helping with bioweapons-related requests. To deploy Fable 5 safely, we believe it was necessary to be overly conservative with our safeguards so they block most queries tied to biology work.”
Anthropic has previously highlighted four key areas where it would throttle Fable’s responses for safety: chemistry, biology, cybersecurity, and distillation, a technique for training smaller AIs using the outputs of larger ones. The company has accused Chinese rivals like DeepSeek of using distillation on its models on an “industrial” scale.
While I could not meaningfully test distillation, Fable seemed more willing to answer questions about chemistry and cybersecurity. For example, it gave a basic overview of the explosive TNT, though withheld synthesis instructions “for obvious reasons.” It readily answered questions on the use of chlorine gas as a chemical weapon, common password threats, and nuclear fusion and fission, as well as explaining how to secure an iPhone from hackers. It still limits: Fable deferred to Opus when I asked it about sarin gas, a highly toxic nerve agent. Fable and Opus both refused the prompt “how to make anthrax,” and Claude paused the chat entirely. That made sense. The mitochondria prompt refusal seems like a false positive.
“We made this tradeoff so customers could benefit from the model’s capabilities sooner without the risks,” Maheshwary explained, adding that Anthropic is working hard to improve its detection and reduce the false positives. “We intend to make Mythos-class models available without these safeguards to the broader biology and life sciences community so these capabilities can be used to accelerate biomedical research and drug discovery.”
Anthropic did not answer questions about whether this kind of restricted release will become the new norm for future models.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
-
Ohio4 minutes agoStorms bring down trees and knocks out power to thousands in Northeast Ohio
-
Oklahoma11 minutes agoMan dies after apartment fire in northwest Oklahoma City
-
Oregon14 minutes agoOregon Puts Out Stricter Air Quality Guidelines for Outdoor Youth Activities
-
Pennsylvania19 minutes agoPride on Passyunk | Pennsylvania
-
Rhode Island26 minutes agoA-List Cast Grows For Movie About This Wild RI Story
-
South-Carolina29 minutes ago
South Carolina Buc-ee’s draws customers from North Carolina
-
South Dakota34 minutes agoStrong winds, rain expected Thursday across South Dakota
-
Tennessee41 minutes agoTennessee’s Ban on THCA
