Crocodilus is a sophisticated Android banking Trojan first identified in 2025, spreading via deceptive Facebook ads and spoofed apps that mimic banking, crypto, or browser tools. Once installed, it hijacks devices by adding fake contacts (like "Bank Support") to enhance scam credibility, monitors screens to steal sensitive data like passwords and crypto seed phrases, and uses permissions to gain deep access. Active in regions like Poland, the U.S., Spain, and Turkey, Crocodilus highlights the evolving nature of mobile malware. Android users are urged to install apps only from trusted sources, keep devices updated, use antivirus software, and stay alert for suspicious activity.