There is a new breed of malware spreading around the internet, looking to take control of your Android device. Once installed, “Octo,” as it’s colloquially called, can remotely see your screen and control your device, all without your knowledge. Let’s examine where Octo came from, how it works, and how you can avoid it.
What is Octo?
ThreatFabric was the first to discover and report on Octo, and found the strain to be an evolution of the Exobot family of malware. Since 2016, Exobot malware has mainly targeted banking and has evolved into different strains over time. ThreatFabric has now identified a strain it calls ExobotCompact.D; on the dark web, however, the malware is referred to as “Octo”.
Many hackers try to break into your accounts from their own devices, using phishing to get your login information as well as your MFA codes. Octo, however, lets bad actors operate directly from your Android phone, in what is called on-device fraud (ODF). ODF is especially dangerous because the activity doesn’t come from somewhere else in the world, but from the very device that your accounts and networks already trust.
How does Octo work?
Octo abuses the Android MediaProjection API in order to remotely broadcast your smartphone’s screen. While it’s not a perfect live stream (the video plays at around one frame per second), it’s fast enough for hackers to see what they’re doing on your device. In order to actually do anything, though, they then use Octo to take over the AccessibilityService.
However, you won’t see any of this happen, because Octo draws a black overlay over your screen and silences any notifications you might receive. From your point of view, your phone looks like it’s locked; to the hackers, it’s open season.
From here, hackers can perform a variety of tasks remotely on your device, including clicks, gestures, text entry, text pasting, long clicks, and scrolling, among other commands. Moreover, the hacker doesn’t even need to do these things themselves: instead, they can simply “tell” the malware what they want to do, and the malware will perform the tasks automatically. You can imagine, then, that the potential scope of fraud has widened considerably, since it does not require a human to sit there and follow the steps one by one.
Octo can do a lot more once it is on your device. It can run a keylogger, recording every action you take on your device, including your lock pattern or PIN, the URLs you visit, and any taps you make on your screen. In addition, it can scrape your contact list, intercept your SMS messages, and record and control your phone calls. The Octo author even made it harder to detect by writing custom code to obfuscate the malware.
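As an added defender-side example (not code from this article or from ThreatFabric): a small Python triage script that parses output in the format of two adb commands, `adb shell settings get secure enabled_accessibility_services` and `adb shell appops get <pkg> SYSTEM_ALERT_WINDOW`, and flags any package that holds the accessibility-plus-overlay combination described above. The sample output, the package names and the allowlist are all constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of:
#   adb shell settings get secure enabled_accessibility_services
# Entries are package/ServiceClass separated by ':'; a leading '.' in the
# class name means "same package".
ACCESSIBILITY_RAW = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fastcleaner/.UpdateService"  # constructed, not a real package
)

# Constructed samples in the format of:
#   adb shell appops get <pkg> SYSTEM_ALERT_WINDOW
APPOPS_RAW = {
    "com.google.android.marvin.talkback": "No operations.",
    "com.example.fastcleaner": "SYSTEM_ALERT_WINDOW: allow; time=+3h12m0s ago",
}

# Accessibility services the device owner knowingly uses (assumed allowlist).
ALLOWLIST = {"com.google.android.marvin.talkback"}


@dataclass
class Finding:
    package: str
    service: str
    can_overlay: bool  # True if the package may also draw over other apps


def parse_accessibility(raw):
    """Return {package: fully-qualified service class} from the setting value."""
    result = {}
    for entry in filter(None, raw.strip().split(":")):
        pkg, _, svc = entry.partition("/")
        result[pkg] = pkg + svc if svc.startswith(".") else svc
    return result


def overlay_allowed(appops_output):
    """True when appops reports SYSTEM_ALERT_WINDOW as allowed."""
    return re.search(r"SYSTEM_ALERT_WINDOW:\s*allow", appops_output) is not None


def triage(accessibility_raw, appops_raw, allowlist):
    """Flag every enabled accessibility service not on the allowlist, noting
    whether the same package can also draw an overlay (Octo's combination)."""
    findings = []
    for pkg, svc in parse_accessibility(accessibility_raw).items():
        if pkg not in allowlist:
            findings.append(Finding(pkg, svc, overlay_allowed(appops_raw.get(pkg, ""))))
    return findings


if __name__ == "__main__":
    for f in triage(ACCESSIBILITY_RAW, APPOPS_RAW, ALLOWLIST):
        risk = "HIGH (accessibility + overlay)" if f.can_overlay else "review"
        print(f"{f.package}: {f.service} -> {risk}")
```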
How do you get Octo on your Android phone?
Like many malware infections, compromised applications are a major means of installation. According to ThreatFabric, the app “Fast Cleaner” was found to contain Octo as well as other types of malware, and it was downloaded more than 50,000 times before Google removed it from the Play Store. The app mainly targeted users of European banks, and installed Octo by convincing users to install a “browser update”. Other affected apps include a screen recorder called “Pocket Screencaster”, as well as a group of fake banking apps designed to trick real bank users into downloading them.
So the secret to staying away from Octo is to practice good cyber security on your Android device at all times. Never download an app from the Play Store without thoroughly checking it first. While Google’s vetting process is definitely better than it used to be, malicious apps still slip through all the time.
Beyond that, be wary of apps that ask you to download a separate app, or to install an update from their own link rather than from the Play Store. Legitimate apps want you to use their app, not follow a sketchy link to download some other one. Likewise, your apps receive their updates through the Play Store, not from a link inside the app. These are classic methods of installing malware, and you can avoid them simply by thinking about the actions you take on your Android device.
If you are concerned that you might have installed malware, you can use a trusted service like Malwarebytes to scan your device. If you need to go nuclear, a factory reset will eliminate any malware and install a fresh copy of Android on your phone. As long as you stay mindful of the apps and links you interact with on your devices, you should be well on your way to avoiding Octo and other malware like it.
[Tom’s Guide]