A new malware lurks on Android. Called Octo, this virus seeks to seize your data to hack your bank account and steal your cryptocurrencies. The malware hides in several apps, including two apps from the Play Store.
In a report published in early April 2022, computer security researchers from Threat Fabric say they have spotted traces of new Android malware. Dubbed Octo, this malware is based on the ExoCompacta variant of the Exo Trojan.
This malware is currently for sale on dark web black markets. “Our investigation shows that there are more than 5 different actors behind Octo, probably including the owner himself,” explains Threat Fabric in its report.
The list of Android apps infected by Octo
The virus spreads to Android smartphones through infected apps. Researchers found traces of Octo in the code of several applications distributed online, including on the Play Store. In some cases, the attackers injected Octo into the code of an otherwise harmless APK. Several of the affected apps were distributed through the Play Store. Here is the list of compromised apps:
- Pocket Screencaster (on the Play Store)
- Fast Cleaner 2021 (on the Play Store)
- Postbank Security (APK)
- Pocket Screencaster (APK)
- BAWAG PSK Security (APK)
Once it infiltrates a victim’s phone, Octo carries out a series of remote actions to seize data. To prevent the user from noticing the intrusion, the malware lowers the screen brightness as far as it will go during the operation and displays a black overlay on top of the screen. The user is then led to believe that the device is off.
The virus then intercepts text messages, activates software capable of recording everything you type on the virtual keyboard (a keylogger) and installs or uninstalls applications. Its goal: to recover the passwords and logins used to connect to applications, in particular banking apps.
Octo notably targets banks such as Postbank BestSign, Santander, ING, Kutxa, easybank, Morgan Stanley, Wells Fargo, HSBC and several French banking organizations: Crédit Mutuel de Bretagne, CIC, Fortuneo, Crédit du Nord for Mobile, La Poste, Boursorama, La Banque Postale, Oney France and BNP Paribas Fortis.
That’s not all. Octo also targets cryptocurrency exchanges, including Coinbase, Crypto.com and Bitfinex. Finally, applications like PayPal are also targeted by hackers. We advise you to be careful when installing an Android app, especially if it is an APK from an unknown site.