Android lets scammers impersonate friends using sneaky malware trick
By Gian T
If you thought scam calls and dodgy texts were as bad as it gets, think again—there’s a new trick in the cybercriminal playbook, and it’s targeting Android users in a way that’s sneakier than ever before.
Imagine picking up your phone to see a call from 'Bank Support' or another trusted contact, only to discover it’s a scammer on the other end. Sound far-fetched? Unfortunately, it’s not.
A new variant of the Crocodilus Android trojan has been making waves in the cybersecurity world, and it’s got a devious new feature: the ability to add fake contacts directly to your phone’s address book.
This means scammers can make their calls look like they’re coming from someone you trust—making it much harder to spot a scam before it’s too late.
First detected by security experts at ThreatFabric in March 2025, Crocodilus is no ordinary piece of malware.
Initially, it was known for targeting banking apps, using sneaky tactics such as overlay attacks (where a fake screen is placed over a real app to steal your details), keylogging (recording everything you type), and abusing Android’s Accessibility Services to gain deep access to your device.
Its main goal is to steal sensitive information, drain your bank accounts, and even swipe your cryptocurrency.
But now, Crocodilus has evolved. Its latest trick is to add new contacts to your phone—without you ever knowing.
All it takes is a secret command sent by the attacker, and suddenly, your contact list might include a number labelled 'Bank Support' or 'MyGov Helpdesk'.
If you get a call from that number, you’d be forgiven for thinking it’s the real deal.
The scam begins when your phone is infected with Crocodilus, typically after you download a dodgy app from a third-party store or click a suspicious link.
The malware then receives a command from the attacker to silently add a new contact—such as 'Bank Support'—to your phone.
When the scammer calls, the name 'Bank Support' appears instead of an unknown number, making you more likely to trust the call.
Believing it’s legitimate, you might follow their instructions, potentially handing over sensitive information or authorising a fraudulent transaction.
What makes this tactic especially sneaky is that the fake contact doesn’t sync with your Google account, so it stays hidden on your device and won’t appear on your other gadgets.
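As an added, defender-side illustration that is not part of the article or of ThreatFabric's research: a contact that "doesn't sync" is one stored in the handset's local contact store with no account attached, and that property can be used to find it. The script below parses raw contact rows captured over adb and lists the account-less ones for review; the adb command, the account types treated as local and the sample rows are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the article. Capture raw contact rows with:
#   adb shell content query --uri content://com.android.contacts/raw_contacts \
#       --projection _id:account_type:account_name:display_name
# then pipe that output into local_only_contacts. A raw contact whose
# account_type is NULL is stored only on the handset and never synced, which
# is exactly what the article says about the injected 'Bank Support' entry.
# Assumption: some vendor ROMs tag device-local contacts with their own
# account type (Samsung uses vnd.sec.contact.phone); extend LOCAL_TYPES to suit.
LOCAL_TYPES='NULL vnd.sec.contact.phone'

# Constructed sample of 'content query' output, one "Row:" line per raw contact.
SAMPLE_ROWS='Row: 0 _id=1, account_type=com.google, account_name=me@example.com, display_name=Alice
Row: 1 _id=2, account_type=NULL, account_name=NULL, display_name=Bank Support
Row: 2 _id=3, account_type=com.google, account_name=me@example.com, display_name=Bob
Row: 3 _id=4, account_type=NULL, account_name=NULL, display_name=MyGov Helpdesk'

# Reads 'content query' rows on stdin and prints "<_id>\t<display_name>" for
# every raw contact whose account_type is in LOCAL_TYPES (device-local).
local_only_contacts() {
    tr -d '\r' | grep '^Row:' | while IFS= read -r row; do
        id=$(printf '%s' "$row" | sed -n 's/.*_id=\([^,]*\),.*/\1/p')
        type=$(printf '%s' "$row" | sed -n 's/.*account_type=\([^,]*\),.*/\1/p')
        name=$(printf '%s' "$row" | sed -n 's/.*display_name=\(.*\)$/\1/p')
        # Match the whole token against the space-separated LOCAL_TYPES list.
        case " $LOCAL_TYPES " in
            *" $type "*) printf '%s\t%s\n' "$id" "$name" ;;
        esac
    done
}

# Stand-alone run over the constructed sample; flags ids 2 and 4.
printf '%s\n' "$SAMPLE_ROWS" | local_only_contacts
```

Anything this lists that you did not create yourself is worth deleting and treating as a sign the phone needs the checks described further down.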
Let’s face it: scammers often target older Australians, knowing we’re more likely to answer the phone and less likely to suspect a scam—especially if the caller appears to be from a trusted organisation.
This new trick makes it even harder to tell the difference between a real call and a fake one.
Plus, with so many of us relying on our phones for banking, Medicare, and staying in touch with family, the risks are higher than ever.
A convincing scam call could lead to financial loss, identity theft, or worse.
The good news is there are simple steps you can take to stay safe: only download apps from trusted sources like the Google Play Store or your phone manufacturer’s app store, and avoid third-party stores or suspicious links.
Always check app reviews, download numbers, and developer details—if anything seems off, don’t proceed. Keep your phone and apps updated, as updates often include crucial security patches.
Be cautious of unexpected calls, even from seemingly trusted contacts; if your bank or a government agency calls, hang up and call back using the official number.
Consider installing a reputable security app to help detect and block malware, and regularly review your contact list—delete anything unfamiliar and run a security scan.
If you suspect your phone has been compromised, don’t panic. Here’s what to do:
- Run a security scan using a trusted antivirus app.
- Delete any suspicious apps you don’t recognise.
- Change your passwords for important accounts, especially banking and email.
- Contact your bank immediately if you think your financial information has been stolen.
- Consider doing a factory reset of your phone (after backing up your important data).
Key Takeaways
- Security researchers have discovered a new Android malware variant called Crocodilus, which can now add fake contacts to a device’s contact list to make scam calls look more convincing.
- The fake contacts, like ones labelled 'Bank Support', do not sync to Google accounts, so they’ll only appear on the infected device and won’t show up on other devices.
- Crocodilus has recently been updated with several features to better evade detection and has expanded its targets from mainly Turkey to a global scale.
- Experts advise only downloading apps from trusted sources like the Google Play Store and checking reviews and developer reputations, as Android malware is often spread via fake app stores, social media, or dodgy emails.
Have you ever received a suspicious call from someone claiming to be your bank or another trusted organisation? Or have you noticed strange contacts appearing on your phone? Share your experiences and tips in the comments below.
Read more: Protect your bank account: Discover how this new malware hijacks your financial calls!