Android lets scammers impersonate friends using sneaky malware trick

If you thought scam calls and dodgy texts were as bad as it gets, think again—there’s a new trick in the cybercriminal playbook, and it’s targeting Android users in a way that’s sneakier than ever before.

Imagine picking up your phone to see a call from 'Bank Support' or another trusted contact, only to discover it’s a scammer on the other end. Sound far-fetched? Unfortunately, it’s not.


A new variant of the Crocodilus Android trojan has been making waves in the cybersecurity world, and it’s got a devious new feature: the ability to add fake contacts directly to your phone’s address book.

This means scammers can make their calls look like they’re coming from someone you trust—making it much harder to spot a scam before it’s too late.


A new Android malware variant, Crocodilus, has been discovered to add fake contacts, making scam calls appear more authentic. Credit: Pexels



First detected by security experts at ThreatFabric in March 2025, Crocodilus is no ordinary piece of malware.

Initially, it was known for targeting banking apps, using sneaky tactics such as overlay attacks (where a fake screen is placed over a real app to steal your details), keylogging (recording everything you type), and abusing Android’s Accessibility Services to gain deep access to your device.

Its main goal is to steal sensitive information, drain your bank accounts, and even swipe your cryptocurrency.


But now, Crocodilus has evolved. Its latest trick is to add new contacts to your phone—without you ever knowing.

All it takes is a secret command sent by the attacker, and suddenly, your contact list might include a number labelled 'Bank Support' or 'MyGov Helpdesk'.

If you get a call from that number, you’d be forgiven for thinking it’s the real deal.

The scam begins when your phone is infected with Crocodilus, typically after you download a dodgy app from a third-party store or click a suspicious link.

The malware then receives a command from the attacker to silently add a new contact—such as 'Bank Support'—to your phone.

When the scammer calls, the name 'Bank Support' appears instead of an unknown number, making you more likely to trust the call.


Believing it’s legitimate, you might follow their instructions, potentially handing over sensitive information or authorising a fraudulent transaction.

What makes this tactic especially sneaky is that the fake contact doesn’t sync with your Google account, so it stays hidden on your device and won’t appear on your other gadgets.

Let’s face it: scammers often target older Australians, knowing we’re more likely to answer the phone and less likely to suspect a scam—especially if the caller appears to be from a trusted organisation.

This new trick makes it even harder to tell the difference between a real call and a fake one.

Plus, with so many of us relying on our phones for banking, Medicare, and staying in touch with family, the risks are higher than ever.

A convincing scam call could lead to financial loss, identity theft, or worse.


The good news is there are simple steps you can take to stay safe: only download apps from trusted sources like the Google Play Store or your phone manufacturer’s app store, and avoid third-party stores or suspicious links.

Always check app reviews, download numbers, and developer details—if anything seems off, don’t proceed. Keep your phone and apps updated, as updates often include crucial security patches.

Be cautious of unexpected calls, even from seemingly trusted contacts; if your bank or a government agency calls, hang up and call back using the official number.

Consider installing a reputable security app to help detect and block malware, and regularly review your contact list—delete anything unfamiliar and run a security scan.
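The contact-list review suggested above can be partly automated. The following is an added example, not code from this article or from the researchers it cites: it reads a contact listing and flags entries that are not attached to a Google account, raising the severity when the name looks like an institution. The input layout (one `Row:` line per contact, as printed by an `adb shell content query` on the contacts provider), the `WATCHWORDS` list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: one line per raw contact, in the layout assumed for
#   adb shell content query --uri content://com.android.contacts/raw_contacts \
#       --projection display_name:account_type:account_name
SAMPLE = """\
Row: 0 display_name=Margaret Nguyen, account_type=com.google, account_name=user@example.com
Row: 1 display_name=Bank Support, account_type=NULL, account_name=NULL
Row: 2 display_name=Dr Patel, account_type=NULL, account_name=NULL
Row: 3 display_name=MyGov Helpdesk, account_type=NULL, account_name=NULL
Row: 4 display_name=Bank Support, account_type=com.google, account_name=user@example.com
"""

ROW = re.compile(
    r"^Row: \d+ display_name=(?P<name>.*), "
    r"account_type=(?P<type>.*), account_name=(?P<account>.*)$"
)

# Hypothetical watchlist: words that suggest a contact claims to be an
# institution. 'Bank Support' and 'MyGov Helpdesk' are the article's examples.
WATCHWORDS = ("bank", "support", "helpdesk", "mygov", "medicare", "security", "fraud")


def parse_rows(text):
    """Yield one dict per parsable line; the literal 'NULL' becomes None."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield {k: (None if v == "NULL" else v) for k, v in m.groupdict().items()}


def review_contacts(text):
    """Return (name, level) for every contact not tied to a Google account.

    'high'   = device-only contact whose name looks like an institution
    'review' = device-only contact with an ordinary name
    """
    findings = []
    for c in parse_rows(text):
        if c["type"] == "com.google":  # synced contact, visible on other devices
            continue
        name = c["name"] or ""
        impersonation = any(w in name.lower() for w in WATCHWORDS)
        findings.append((name, "high" if impersonation else "review"))
    return findings


if __name__ == "__main__":
    for name, level in review_contacts(SAMPLE):
        print(f"{level:6} {name}")
```

A `review` result alone is not a sign of infection, since many phones store ordinary contacts on the device only; the `high` entries are the ones to check against the organisation's official number.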

If you suspect your phone has been compromised, don’t panic. Here’s what to do:
  • Run a security scan using a trusted antivirus app.
  • Delete any suspicious apps you don’t recognise.
  • Change your passwords for important accounts, especially banking and email.
  • Contact your bank immediately if you think your financial information has been stolen.
  • Consider doing a factory reset of your phone (after backing up your important data).

Scammers are getting smarter, but so can we! By staying informed and taking a few simple precautions, you can keep your phone—and your personal information—safe from even the sneakiest tricks.

Key Takeaways
  • Security researchers have discovered a new Android malware variant called Crocodilus, which can now add fake contacts to a device’s contact list to make scam calls look more convincing.
  • The fake contacts, like ones labelled 'Bank Support', do not sync to Google accounts, so they’ll only appear on the infected device and won’t show up on other devices.
  • Crocodilus has recently been updated with several features to better avoid detection and has expanded its targets from mainly Turkey to a global scale.
  • Experts advise only downloading apps from trusted sources like the Google Play Store and checking reviews and developer reputations, as Android malware is often spread via fake app stores, social media, or dodgy emails.

Have you ever received a suspicious call from someone claiming to be your bank or another trusted organisation? Or have you noticed strange contacts appearing on your phone? Share your experiences and tips in the comments below.
