PANews reported on June 3 that according to Cointelegraph, the Android banking Trojan Crocodilus has recently been upgraded and has begun to attack cryptocurrency users and bank customers worldwide. Security company ThreatFabric found that the malware has spread from the original Turkey region to Poland, Spain, Argentina and other countries. The latest variant can spread malicious programs disguised as browser updates through Facebook ads, using overlay attacks to steal login credentials for banks and encryption applications. The Trojan has added the function of automatically extracting cryptocurrency wallet mnemonics and private keys, and can also modify the victim's address book to implant fake "bank support" numbers. Attackers can now commit crimes by renting cryptocurrency stealing tools at a cost of 100-300 USDT/time. Security experts remind users to be wary of application updates and advertising links from unknown sources.