A new strain of Android malware is stealing bank details and carrying out fraud on Android phones and tablets. Octo is capable of "hijacking" devices and committing fraud via remote access, abusing features built into Google's own operating system, according to researchers at ThreatFabric.
Octo is notable for setting the screen brightness to zero and silencing notifications by switching on "Do Not Disturb" mode. The victim is led to believe the device is switched off and does not see what the criminals are doing, which can include browsing, reading data and using applications on the device.
This RAT ("Remote Access Trojan", also called a "Remote Administration Tool") uses Android's MediaProjection API to stream the phone or tablet screen at a low but sufficient rate of about one frame per second, enough for the attackers to operate the device remotely.
In addition, Octo can track the user's behaviour, both on the web and on the device itself, and log what is typed, such as banking passwords, e-mail credentials and PINs. It can also intercept SMS messages, which lets the attackers reset passwords and sign up for services in the victim's name.
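The behaviours described above (SMS interception, toggling Do Not Disturb, changing the screen brightness, and running a screen-capture service) each map onto an Android permission an app has to request. The following triage script is an added example, not code from ThreatFabric or from this article: it parses the `requested permissions:` block of `adb shell dumpsys package` output and flags any app that requests that combination. The embedded dumpsys excerpt, the package names, the indicator groups and the flagging threshold are all constructed assumptions for the example.

```python
"""Triage installed Android apps for the permission mix the article attributes to Octo.

Added example. Parses a (constructed) excerpt of `adb shell dumpsys package`
output and scores each package on the permissions needed for the behaviours
the article describes. Run against a real device with:
    adb shell dumpsys package > dump.txt ; python triage.py dump.txt
"""
import re
import sys

# Constructed sample approximating dumpsys output; package names are made up.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.fastcleaner] (1a2b3c4):
    userId=10123
    requested permissions:
      android.permission.INTERNET
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.ACCESS_NOTIFICATION_POLICY
      android.permission.WRITE_SETTINGS
      android.permission.FOREGROUND_SERVICE
      android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.notes] (5d6e7f8):
    userId=10124
    requested permissions:
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
"""

# Indicator groups (assumption): the permission(s) each described behaviour needs.
INDICATORS = {
    "sms_intercept": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "do_not_disturb": {"android.permission.ACCESS_NOTIFICATION_POLICY"},
    "write_settings": {"android.permission.WRITE_SETTINGS"},  # needed to set brightness
    "screen_capture_service": {"android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"},
}

PACKAGE_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERMISSION_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)$")


def parse_requested_permissions(dumpsys_text):
    """Map each package name to the permissions listed under 'requested permissions:'."""
    result = {}
    current = None
    in_requested = False
    for line in dumpsys_text.splitlines():
        m = PACKAGE_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = set()
            in_requested = False
            continue
        stripped = line.strip()
        if stripped.endswith(":"):
            # Any sub-section header ends the previous block.
            in_requested = stripped == "requested permissions:"
            continue
        m = PERMISSION_RE.match(line)
        if in_requested and current is not None and m:
            result[current].add(m.group(1))
    return result


def matched_indicators(permissions):
    """Return the indicator groups for which at least one permission is requested."""
    return {name for name, perms in INDICATORS.items() if permissions & perms}


def triage(dumpsys_text, threshold=3):
    """Flag packages matching at least `threshold` groups (threshold is an assumption)."""
    flagged = []
    for pkg, perms in parse_requested_permissions(dumpsys_text).items():
        hits = matched_indicators(perms)
        if len(hits) >= threshold:
            flagged.append((pkg, sorted(hits)))
    return flagged


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMPSYS
    for pkg, hits in triage(text):
        print(f"{pkg}: {', '.join(hits)}")
```

Requesting these permissions is not proof of malice (a genuine screen-recording or SMS app legitimately asks for some of them), so the output is a shortlist for manual review, not a verdict. Note also that the accessibility and notification-listener access that such trojans typically rely on is granted through system settings rather than through the manifest, so it does not show up in this block and should be checked separately.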
The malware is believed to be derived from ExoCompact, a trojan that continued to cause damage after its source code was leaked in 2018. Octo is currently sold on dark web forums by an individual operating under the pseudonyms "Architect" and "goodluck".
In February, cybersecurity experts found Octo in an app called “Fast Cleaner” on the Google Play Store that had over 50,000 installs.
The malware has also been distributed through websites designed to lure victims. In one case, a page offered to buy scrap metal for a good price but asked the user to "refresh" the browser; clicking the displayed link downloaded a malicious file instead.
Attacks of this type are becoming more common as mobile traffic grows. Users are advised to check regularly that Play Protect is enabled and to avoid installing apps from dubious sources outside the Google Play Store. Given that the "Fast Cleaner" dropper was itself hosted on the Play Store, neither measure is sufficient on its own: an app that asks for SMS access, notification-policy control, accessibility service or screen-capture rights without an obvious need for them deserves suspicion regardless of where it came from.