Ignoring worrying new Android 'risk' could be costly - all users put on red alert

Everyone with an Android phone in their pocket needs to be on high alert and watch out for a worrying new attack. The latest threat targeting these popular ranges of call makers - called Crocodilus - attempts to steal money and personal data via a very sneaky trick. As spotted by the eagle-eyed team at Threat Fabric, Crocodilus infects phones via pop-up adverts that are appearing on social media platforms.

These official-looking sponsored messages encourage users to download an app with the promise that once it's installed, users will be able to claim prizes or grab financial incentives.

However, this is simply a cover story, and what really happens is that devices get infected with Crocodilus instead. So why is this bug so nasty and proving so effective for scammers?

One of the scariest features of Crocodilus is its ability to add names and numbers to users' contact lists.

Explaining more, Threat Fabric said: "A key feature update is the ability to modify the contact list on an infected device.

"We believe the intent is to add a phone number under a convincing name such as “Bank Support”, allowing the attacker to call the victim while appearing legitimate. This could also bypass fraud prevention measures that flag unknown numbers."

Clearly, that's a very worrying function and it's easy to see how some are getting caught out especially if not aware that their contacts have been tampered with.

With the risk of money being lost, Threat Fabric is now urging all Android users to "stay vigilant".

"The latest campaigns involving the Crocodilus Android banking Trojan signal a concerning evolution in both the malware's technical sophistication and its operational scope," the Threat Fabric team added.

"As Crocodilus continues to evolve, organisations and users alike must stay vigilant and adopt proactive security measures to mitigate the risks posed by this increasingly sophisticated malware."

One very good piece of advice is to download apps only from official online marketplaces. Although Google's Play Store has had some issues in the past, the US technology giant has worked hard to make sure less dangerous applications end up on its servers.

Before installing any software, it's also a good idea to check the developer and read the reviews as these will often give you a good idea of issues with the app before installing it.