According to ChainCatcher, researchers from the security company ThreatFabric state that a new malware called Crocodilus can steal Android users' seed phrases. The malware spreads through a proprietary driver and bypasses security protections on Android 13 (and higher versions), without triggering Play Protect when users install the malware.
The malware uses screen overlay to falsely warn users to "backup wallet seed phrases in settings within 12 hours", otherwise they might lose access to their wallet.
