The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Crocodilus Evolves, Expands Targeting

Jun 20, 2025 12:01:52 PM / by The Hivemind posted in Threat Bulletin, Banking Trojan, Evolving Threat, Crocodilus, Android Malware, Cryptocurrency Theft, Phishing Campaign, Overlay Attack, Mobile Security, ThreatFabric

0 Comments

Verticals Targeted: Banking, E-commerce, Cryptocurrency
Regions Targeted: Turkey, Poland, Spain, Argentina, Brazil, India, Indonesia, United States
Related Families: None specified

Executive Summary

Crocodilus, an Android banking trojan first identified in March 2025, has rapidly evolved into a global threat, targeting banking and cryptocurrency users across eight countries with advanced overlay attacks and social engineering tactics. Its enhanced obfuscation and new features, such as contact list manipulation, amplify its ability to evade detection and execute fraudulent transactions.

Read More

Crocodilus Android Banking Trojan

Apr 7, 2025 1:41:20 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banking Trojan, Emerging Threat, Crocodilus

0 Comments

Verticals Targeted: Financial

Executive Summary

Crocodilus is a newly identified Android banking Trojan that exhibits advanced device-takeover capabilities and targets financial institutions and cryptocurrency wallets. Already operational in Spain and Turkey, this malware showcases a mature feature set that challenges traditional defenses, marking a significant evolution in mobile threats.

Read More

Coyote Banking Trojan

Feb 7, 2025 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Windows, Banker, Banking Trojan, Evolving Threat, Coyote

0 Comments

Verticals Targeted: Financial 

Executive Summary

Coyote, which was first observed in early 2024, is a banking trojan that has targeted over 1030 sites and 73 financial institutions.

Read More

ToxicPanda Android Banking Trojan

Nov 12, 2024 12:41:07 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banker, Banking Trojan, ToxicPanda, TgToxic

0 Comments

Related Families: TgToxic
Verticals Targeted: Financial 

Executive Summary

ToxicPanda is an Android banking trojan that was first seen in the wild in October 2024. It allows threat actors to steal a victim’s money via account takeover (ATO) using On-Device Fraud (ODF).

Read More

Octo2 Android Banking Trojan

Oct 7, 2024 2:06:59 PM / by The Hivemind posted in Threat Bulletin, Android, Trojan, Banking Trojan, Latrodectus, Octo, ExobotCompact

0 Comments

Related Families: Exobot, ExobotCompact, Octo
Verticals Targeted: Financial

Executive Summary

Octo2, an updated version of Octo Android banking trojan, was recently observed targeting Android users in Europe.

Read More

Brokewell Android Banking Trojan

May 6, 2024 2:48:46 PM / by The Hivemind posted in Threat Bulletin, Financial, Android, Trojan, Banker, Banking Trojan, Baron Samedit, Brokewell

0 Comments

Verticals Targeted: Financial

Executive Summary

Brokewell is a newly discovered Android banking trojan with Device Takeover capabilities. Despite being a newcomer to the threat landscape, Brokewell poses a significant threat to the banking industry.

Read More

New BBTok Variant

Oct 2, 2023 2:44:45 PM / by The Hivemind posted in Threat Bulletin, Financial, Banker, Banking Trojan, BBTok, Latin America

0 Comments

Verticals Targeted: Financial

Executive Summary

BBTok, written in Delphi, is a banking trojan that has been active since at least 2020. A new variant was recently observed targeting financial entities in Latin America.

Read More

Anatsa Android Banking Trojan

Jul 3, 2023 12:37:11 PM / by The Hivemind posted in Threat Bulletin, Banking, Financial, Android, Trojan, Banking Trojan, Anatsa

0 Comments

Verticals Targeted: Financial 

Executive Summary

Anatsa is a banking trojan targeting Android devices that is distributed through the Google Play store, disguised as a seemingly innocuous app.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts