A dangerous new smartphone trojan has been targeting users in Poland, prompting cybersecurity experts to issue urgent warnings about the safety of personal data stored on mobile devices.
Several months ago, cybersecurity firm ThreatFabric identified a powerful new mobile trojan called “Crocodilus”, which has rapidly evolved into a global threat. Initially discovered in Turkey in March 2025, the malware has since spread to victims in Europe, South America, and even Asia. In recent weeks, Crocodilus has actively targeted Polish users via malicious ads on social media platforms.
How Crocodilus Infects Devices
The malware operates with alarming precision. Victims typically see what appears to be a harmless advertisement on social media, often promoting a fake banking or shopping app with the promise of a bonus or discount. Once the user downloads the counterfeit app, surveillance begins immediately. Crocodilus then takes control of the device, often by overlaying fake login screens onto real banking apps, tricking users into entering sensitive information. That data is then sent directly to cybercriminals.
In Poland, these ads were reportedly targeted at users aged 35 and older—a demographic considered more likely to have substantial financial resources.
Image 1: Malicious advertisement identified by ThreatFabric.com as a vector for Crocodilus infection.
What Crocodilus Can Do
The latest versions of Crocodilus are even more dangerous. They can add fake contacts to a victim’s phone, so that a call from the attackers can appear to come from a trusted institution such as a bank. SMS messages, authentication codes, and device location may also be exposed to the attackers.
“There’s a real risk of receiving a call that seems to be from a trusted organization, only to find out it’s a scam. The malware’s access to your messages, codes, and geolocation makes it a serious surveillance threat,” warn cybersecurity experts from Check Point Software.
A Rising Global Threat
According to Check Point Software Technologies, 65% of companies worldwide experienced a mobile-related cyberattack in the past year. Moreover, attacks on Android devices increased by 35% in 2024 compared to the previous year. Experts are sounding the alarm: mobile malware is no longer a niche concern—it’s a full-fledged threat operating around the clock.
In Poland, where 75% of citizens now use their phones to make purchases, this rising threat is especially concerning. Financial malware like Crocodilus turns smartphones into lucrative targets for cybercriminals.
Why Crocodilus Is So Dangerous
Crocodilus may not be the first trojan targeting smartphones, but it could be one of the most dangerous to date. Its success lies in its agile evolution. Its developers constantly update its features to bypass Google Play Protect and evade detection by traditional antivirus programs.
With mobile phones becoming digital wallets, ID cards, and communication hubs, mobile security is now one of the most urgent challenges in the digital world.
Source: CEO.com.pl – New Trojan “Crocodilus” Attacks Smartphones in Poland