[Crocodilus](https://attack.mitre.org/software/S9004) is an Android banking Trojan that was discovered in March 2025. [Crocodilus](https://attack.mitre.org/software/S9004) targeted users worldwide, including Turkey, Poland, Argentina, Brazil, Spain, the United States, Indonesia and India. [Crocodilus](https://attack.mitre.org/software/S9004) has been customized based on the target location. For example, [Crocodilus](https://attack.mitre.org/software/S9004) mimicked major Turkish and Spanish banks for users in Turkey and Spain, while users in Poland saw Facebook advertisements that promoted [Crocodilus](https://attack.mitre.org/software/S9004) to claim bonus points.(Citation: ThreatFabric_Crocodilus_March2025)(Citation: ThreatFabric_Crocodilus_June2025)