One of the simplest ways to evade scam calls is to ignore numbers you don’t recognize. However, a new Android trojan named Crocodilus complicates this approach for users. This malware has the disturbing capacity to create fake contacts on infected devices, making it harder to identify scam calls.

Once a device is compromised by the Crocodilus Trojan, it generates a fake contact in your list. This means that calls from malicious sources may not appear as unknown numbers; instead, they present as trusted contacts that the malware has manufactured. This poses a serious risk, especially if the attacker disguises themselves as a bank or a family member.

According to a report from Threat Fabric, the Trojan aims to enhance the attacker’s control by linking a phone number to a credible name, such as “Bank Support.” This tactic can deceive the victim, allowing the attacker to make calls while seeming trustworthy. Such schemes can also circumvent fraud protection measures that typically flag unfamiliar numbers. Originally, Crocodilus was found in Turkey with limited social engineering tactics.

However, the latest findings indicate that it is now expanding globally. The report highlights campaigns targeting Spanish users under the guise of a browser update, particularly focusing on numerous Spanish banks. Additionally, smaller operations have been observed that involve apps from various countries including Argentina, Brazil, Spain, the US, Indonesia, and India.

To safeguard yourself from such threats, it’s advisable to follow basic safety practices. Avoid opening emails or downloading attachments from unknown senders and refrain from clicking links in messages from unfamiliar contacts. While these measures may not guarantee complete protection from all forms of malware, they are essential steps towards enhancing your security.