Warning about the malicious "Crocodilus" software targeting users' financial and personal data.

The "Information Security Center" affiliated with the National Authority for Information Technology Services in Syria has announced the discovery of a new malicious software known as "Crocodilus", posing a serious threat to the data of smartphone users, especially financial information and bank accounts.

Engineer Jihad Alala, the center's director, confirmed that this software is characterized by its ability to infiltrate devices without leaving a clear trace, relying on fake applications that appear legitimate or precisely designed phishing messages to deceive users.

Alala warned that "Crocodilus" requests extensive permissions upon installation, granting it almost complete control over the device, including access to text messages, passwords, and sometimes remote control. Symptoms such as sudden performance slowdown, abnormal battery drain, or unfamiliar apps not downloaded by the user may appear.

The center recommended preventive measures, such as avoiding downloading apps from untrusted sources, reviewing required permissions before installing any app, refraining from clicking on suspicious links in text messages or emails, using antivirus software and keeping it updated regularly.

In case of suspected device breach, Alala advised disconnecting it from the internet immediately, running a security scan, changing passwords from a secure device, reviewing recent banking activities, revoking unnecessary permissions, and resorting to factory reset if containment of the threat is not possible.