Verticals Targeted: Financial
Regions Targeted: US, Canada
Related Families: None
Anatsa Android Banking Trojan Targets US Banks
Jul 18, 2025 2:08:41 PM / by The Hivemind posted in Threat Bulletin, Banker, Banking Trojan, Anatsa, Android Malware, overlay attacks, Google Play Store, credential theft, North America, financial fraud, device takeover, mobile banking
Crocodilus Evolves, Expands Targeting
Jun 20, 2025 12:01:52 PM / by The Hivemind posted in Threat Bulletin, Banking Trojan, Evolving Threat, Crocodilus, Android Malware, Cryptocurrency Theft, Phishing Campaign, Overlay Attack, Mobile Security, ThreatFabric
Verticals Targeted: Banking, E-commerce, Cryptocurrency
Regions Targeted: Turkey, Poland, Spain, Argentina, Brazil, India, Indonesia, United States
Related Families: None specified
Executive Summary
Crocodilus, an Android banking trojan first identified in March 2025, has rapidly evolved into a global threat, targeting banking and cryptocurrency users across eight countries with advanced overlay attacks and social engineering tactics. Its enhanced obfuscation and new features, such as contact list manipulation, amplify its ability to evade detection and execute fraudulent transactions.
Crocodilus Android Banking Trojan
Apr 7, 2025 1:41:20 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banking Trojan, Emerging Threat, Crocodilus
Verticals Targeted: Financial
Executive Summary
Crocodilus is a newly identified Android banking Trojan that exhibits advanced device-takeover capabilities and targets financial institutions and cryptocurrency wallets. Already operational in Spain and Turkey, this malware showcases a mature feature set that challenges traditional defenses, marking a significant evolution in mobile threats.
Coyote Banking Trojan
Feb 7, 2025 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Windows, Banker, Banking Trojan, Evolving Threat, Coyote
Verticals Targeted: Financial
Executive Summary
Coyote, which was first observed in early 2024, is a banking trojan that has targeted over 1030 sites and 73 financial institutions.
ToxicPanda Android Banking Trojan
Nov 12, 2024 12:41:07 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banker, Banking Trojan, ToxicPanda, TgToxic
Related Families: TgToxic
Verticals Targeted: Financial
Executive Summary
ToxicPanda is an Android banking trojan that was first seen in the wild in October 2024. It allows threat actors to steal a victim’s money via account takeover (ATO) using On-Device Fraud (ODF).
Octo2 Android Banking Trojan
Oct 7, 2024 2:06:59 PM / by The Hivemind posted in Threat Bulletin, Android, Trojan, Banking Trojan, Latrodectus, Octo, ExobotCompact
Related Families: Exobot, ExobotCompact, Octo
Verticals Targeted: Financial
Executive Summary
Octo2, an updated version of the Octo Android banking trojan, was recently observed targeting Android users in Europe.
Brokewell Android Banking Trojan
May 6, 2024 2:48:46 PM / by The Hivemind posted in Threat Bulletin, Financial, Android, Trojan, Banker, Banking Trojan, Baron Samedit, Brokewell
Verticals Targeted: Financial
Executive Summary
Brokewell is a newly discovered Android banking trojan with Device Takeover capabilities. Despite being a newcomer to the threat landscape, Brokewell poses a significant threat to the banking industry.
New BBTok Variant
Oct 2, 2023 2:44:45 PM / by The Hivemind posted in Threat Bulletin, Financial, Banker, Banking Trojan, BBTok, Latin America
Verticals Targeted: Financial