Pages

Experts Warn Against New ‘Octo’ Trojan That Deceptively Enables Your Android Phone To Commit Fraud

One of the most unique aspects of a trojan’s life cycle has to do with how malicious they can be over a certain period of time and the fascinating way through which they evolve.

A common example is a renowned specie of malware called Exobot that initially showed up in 2016 and was known to hack into a user’s banking facility. Surprisingly, it managed to affect users from around the world until the year 2018, when it finally underwent metamorphosis to form ExobotCompact.

Experts introduced this as a trojan that was dangerous due to its many subtypes. But now, researchers are hailing a brand new malware that evolved from older species to form a new variant called Octo, which features an array of deceptive features.

Tech experts and security analysts from Threatfabric are now issuing alerts because Octo can transform your phone into a vehicle for fraud, without letting you know because it does all the damage in a disguised manner.

The shocking discovery can go as far as letting hackers use the device for fraud. But thankfully, cybersecurity specialists were able to pick up on its activity via the dark web. This includes its mighty engineering capabilities of altering its coding and fraudulent behavior so it can hide in any Google Play Store Application.

In addition to doing that, it can even disable helpful functions of Google Protect when downloaded. And that brings us to the next most concerning matter- the ability of Octo to undergo carry out ODR or the functionality surrounding on-device fraud.

To begin the malicious process, Octo enters through the accessibility feature and begins something that’s equivalent to an attacker’s live stream command, moments before it regulates servers updated from the victim’s phone.

With the help of a black screen, Octo then disables all notifications to block everything it has done, appearing just like your device was simply switched off. But throughout the process, the malware continues with its malicious activity, performing different functions like taps, copying, pasting, scrolling, and sending out texts without anyone noticing.

Similarly, it dives into the phone’s keylogging software where it gains access to features that attract hackers like PINs, passwords, sensitive account credentials, and wallets. It can even block notifications and intercept messages too.

As you can see, one malware has a diverse number of functions and that means it can spread its tentacles to various realms on a user’s phone, making it super versatile and hence doing justice to its name.

Experts were able to delineate a number of campaigns that used the malware currently which included apps like ‘Fast Cleaner’. While the latter managed to do what it promised for users, it ended up poisoning the phone along the way.


As pointed out by security researchers and tech analysts, more and more malicious software gets developed with each passing evolution and it’s safe to say they are more target-specific and devious along the way. So what’s the solution?

Well, it’s time to be highly vigilant to ensure the protection of you and your data while being informed about the newest threats in the market. Similarly, always make sure your phone is updated using modern security systems because that’s the biggest way to slow down exposure.

Read next: These Play Store Apps Contained Spyware, Did Google Remove Them Quickly Enough?

No comments: