Beware of the return of the Octo virus, now with new scam capabilities

Threats to Android users keep growing: they face new alerts almost every day, the most recent concerning an enhanced version of the Octo Trojan, now capable of doing even more damage.
The Android ecosystem seems to get no respite: shortly after being warned about the revived SharkBot malware, users of the green robot have received the bad news that they must once again watch out for the infamous Octo trojan.

According to ThreatFabric, a Dutch company that protects its customers from online threats and fraud, Octo (the name being a diminutive of octopus) is a RAT, or remote access trojan, currently on sale on dark web forums by a user who goes by "good luck" or "Architect" at different times. It had already been found in February in "Fast Cleaner", a free memory-cleaning app with about 50,000 installs, and on a website that offered users scrap metal at a good price, provided they first "updated" their browser, the fake update being the infection vector.

Experts believe (partly because of the measures it takes to hinder reverse engineering) that this malware is related both to the Exobot malware spotted in 2016 and to its evolution ExoCompact, whose source code was disclosed in 2018. Compared with its origins, however, it now has on-device fraud (ODF) capabilities: it can manipulate other apps, compromising password managers, cryptocurrency wallets and home-banking apps, and it can bypass two-factor authentication.

Octo works by obtaining the Accessibility Service permission. Once it has it, the malware turns the screen brightness down to zero and silences notifications by enabling "do not disturb" mode, so that the device appears switched off and the victim does not notice what the attacker, connected remotely, is doing. The remote session relies on Android's MediaProjection API, which lets the screen of the compromised tablet or smartphone be streamed at a high frame rate.
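Because the whole chain starts with an app being granted accessibility rights, the first triage question on a suspect device is which packages currently hold them. The following script is an added example, not code from the original article or from ThreatFabric: it parses the Android secure setting `enabled_accessibility_services` (a colon-separated list of `package/ServiceClass` entries, readable over adb with `settings get secure enabled_accessibility_services`) and flags any package outside an allowlist. The allowlist contents, the `com.example.fastcleaner` package name and the sample setting value are constructed for illustration and do not identify the real malicious app.

```python
"""Triage helper: flag enabled Android accessibility services outside an allowlist.

Octo-style malware abuses the Accessibility Service to drive the device. Android
stores the enabled services in the secure setting `enabled_accessibility_services`
as 'pkg/ServiceClass:pkg2/ServiceClass2'. This script parses that value (read over
adb when a device is attached, otherwise a constructed sample) and reports every
package that is not on a caller-supplied allowlist.
"""
import shutil
import subprocess
from typing import Iterable, List, Optional, Tuple

# Hypothetical allowlist for illustration: packages the device owner expects to
# hold accessibility rights. Adjust it for the device being triaged.
DEFAULT_ALLOWLIST = frozenset({
    "com.google.android.marvin.talkback",
    "com.android.switchaccess",
})


def parse_accessibility_services(raw: str) -> List[Tuple[str, str]]:
    """Parse the raw setting value into (package, service) pairs.

    An empty value or the literal 'null' means no service is enabled. A service
    written as '.Service' is shorthand relative to its package, so it is expanded.
    """
    raw = (raw or "").strip()
    if not raw or raw == "null":
        return []
    entries = []
    for item in raw.split(":"):
        item = item.strip()
        if not item:
            continue
        pkg, sep, svc = item.partition("/")
        if not sep:
            # Malformed entry: keep the package so it still gets reviewed.
            entries.append((pkg, ""))
            continue
        if svc.startswith("."):
            svc = pkg + svc
        entries.append((pkg, svc))
    return entries


def flag_unexpected(raw: str, allowlist: Iterable[str] = DEFAULT_ALLOWLIST) -> List[Tuple[str, str]]:
    """Return the (package, service) pairs whose package is not allowlisted."""
    allowed = set(allowlist)
    return [(pkg, svc) for pkg, svc in parse_accessibility_services(raw) if pkg not in allowed]


def read_from_device(serial: Optional[str] = None) -> str:
    """Read the setting over adb; returns '' when adb is missing or no device answers."""
    if shutil.which("adb") is None:
        return ""
    cmd = ["adb"] + (["-s", serial] if serial else []) + [
        "shell", "settings", "get", "secure", "enabled_accessibility_services",
    ]
    result = subprocess.run(cmd, capture_output=True, text=True, check=False)
    return result.stdout if result.returncode == 0 else ""


# Constructed sample value (not captured from a real device): TalkBack plus an
# unknown "cleaner" app that has been granted accessibility rights.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fastcleaner/.AccessService"
)

if __name__ == "__main__":
    raw = read_from_device() or SAMPLE_SETTING
    for pkg, svc in flag_unexpected(raw):
        print(f"REVIEW: {pkg} ({svc}) holds accessibility rights")
```

A flagged package is not proof of infection, only the starting point: pull its APK with `adb pull` and check what else it requests (notably `BIND_ACCESSIBILITY_SERVICE`, SMS and overlay permissions, and use of MediaProjection) before deciding whether it is legitimate.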

The malware then monitors the victim's behaviour both online and offline, keylogging everything they type in order to exfiltrate email logins, PINs, banking passwords and the like. It also takes control of SMS, both to subscribe the victim to premium services and to cover its tracks (including handling password-reset messages). It is not yet known whether new Octo-infected apps are on the Play Store, but as a precaution it is wise to check regularly that Play Protect is enabled and to install apps only from trusted sources, after looking at the app's reviews and the developer's reputation.