Android: Beware, Octo malware wants to steal money from French bank accounts

In a report released in early April 2022, computer security researchers from Threat Fabric claim to have discovered traces of new Android malware. This malware called Octo Based on ExoCompactA variant of the Exo Trojan.

This malware is currently sold on dark web black markets. “Our research shows that there are probably more than 5 different actors behind Octo, including his owner”Threat Fabrice explains in his report.

List of Android apps Octo infected

The virus spreads to Android smartphones through infected apps. Researchers track down Octo code of several applications distributed online, especially in the Play Store. In some cases, hackers injected Octo into a harmless APK code. The malware hides mainly in the various APKs of the Play Store. List of compromised apps:

  • Pocket Screencaster (on Play Store)
  • Quick Cleaner 2021 (on Play Store)
  • Post Bank Security (APK)
  • Pocket Screencaster (APK)
  • BAWAG PSK Security (APK)

Octo will notice when his victim’s phone is hacked. a series of remote actions to capture data. To prevent the user from being aware of the attack, the malware reduces the screen brightness to maximum during the process and displays a black screen in a row. The user will then be convinced that the device is turned off.

The virus then captures text messages, activates software that can record everything you type on the virtual keyboard, and installs/uninstalls applications. Its purpose: recover passwords and logins to connect to apps, especially a bank’s apps.

Octo is particularly popular with Postbank BestSign, Santander, ING, Kutxa, easybank, Morgan Stanley, Wells Fargo, HSBC and several French banking institutions : Crédit Mutuel de Bretagne, CIC, Fortuneo, Crédit du Nord for Mobile, La Poste, Boursorama, La Banque Postale, Oney France and BNP Paribas Fortis.

That’s not all. Octo is also targeting cryptocurrency exchanges. Coinbase, Crypto.com and Bitfinex. Finally, apps like PayPal are also targets of hackers. We recommend being careful when installing an Android app, especially if it’s an APK from an unknown site.

In relation :  10 Best Android Games to Play with Your Girlfriend
Moyens I/O Staff has motivated you, giving you tips on technology, personal development, lifestyle and strategies that will help you.