A dangerous Android malware called Crocodilus has developed a new way to fool smartphone users. It can now secretly add fake names to the contact list on an infected phone. This makes it easier for hackers to pretend they are calling from trusted people or organizations.
How Crocodilus Fools Users
When a phone is infected with Crocodilus, the malware can automatically add new contacts without the owner’s permission. These contacts can be given names that sound familiar or trustworthy, such as banks, service centers, or even personal contacts. If the hacker later calls the victim, the phone will display the fake name instead of the real caller ID, making it easier to trick the user into answering and trusting the call.
This process happens when the malware receives a secret command. It uses Android’s contact system to quickly add these fake names to the local contact list. Since these contacts are saved only on the phone, they won’t appear on other devices linked to the same Google account.
The Malware Has Spread Worldwide
Crocodilus was first discovered in March 2025 by security researchers. In the early days, it mostly affected a small number of users in Turkey. At that time, it already had tools to steal information and control infected phones from a distance. It also tried to trick people by showing fake messages, like warning users to back up their cryptocurrenc
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.