A new type of malware is spreading on the Internet and trying to take control of your Android device. Once installed, Octo, as it is commonly called, lets an attacker remotely view your screen and control your device without you knowing. Let’s see where Octo comes from, how it works and how you can prevent it.
What is Octo?
ThreatFabric was the first to discover and report on Octo, which it sees as an evolution of malware from the Exobot family. Since 2016, Exobot malware has focused primarily on banking, and over time it has spawned different variants. ThreatFabric now identifies this strain as ExobotCompact.D; on the dark web, however, the malware goes by the name “Octo”.
Many attackers try to gain access to your accounts by phishing your login information, including your MFA codes, and then using it from their own devices. Octo, however, lets bad actors remotely operate your Android phone in what is known as on-device fraud (ODF). ODF is especially dangerous because the activity doesn’t come from somewhere else in the world; it comes from the very device that your accounts and network expect.
How does Octo work?
Octo uses the MediaProjection feature on Android to stream your screen activity to the attacker remotely. Even if it isn’t perfect live streaming (video runs at about 1 frame per second), hackers can see quickly enough what is happening on your device. To actually do anything, however, they use Octo to gain access to AccessibilityService.
But you won’t see any of that, because Octo draws a black overlay on the screen in addition to silencing any alerts you might receive: from your point of view, your phone looks switched off, while hackers are busy on it.
From here, hackers can perform various tasks on your device remotely, including clicks, gestures, text entry and placement, long presses, scrolling, and more. What’s more, a hacker doesn’t even have to do these things themselves: instead, they can simply “tell” the malware what they want done, and it will carry out the steps automatically. You can imagine how broad the potential for fraud is, since nobody needs to sit there and walk through each victim’s steps by hand.
Octo can do a lot once it is on your device. It can act as a keylogger, reporting every action you take on your device, including the lock pattern or PIN, the URLs you visit, and every tap on the screen. In addition, it can delete your contact list, block your SMS messages, and record and monitor your phone calls. Octo’s author has made it even harder to detect by writing custom code to hide the malware’s identity.
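Because Octo depends on AccessibilityService access, one practical check is to audit which apps on a device currently hold that access. The script below is an added example, not code from the article or from ThreatFabric; it parses the output of the real adb command shown in the comments, but the sample output, the package names and the allowlist are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the article): audit which apps hold accessibility
# service access on an Android device. Octo abuses AccessibilityService, so an
# unexpected entry here is worth investigating.
#
# Live use requires USB debugging and adb; the real command is:
#   adb shell settings get secure enabled_accessibility_services
# which returns "null" or a colon-separated list of <package>/<service class>.

# Constructed sample of that command's output. The package names are
# placeholders, not the real identifiers of any malicious app.
SAMPLE_ENABLED='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fastcleaner/com.example.fastcleaner.CleanerService'

# Space-separated packages the device owner knowingly granted accessibility
# access (assumption: TalkBack is the only expected one on this device).
ALLOWLIST='com.google.android.marvin.talkback'

# Print every enabled accessibility service whose package is not allowlisted.
unexpected_a11y_services() {
    enabled=$1
    allow=$2
    [ "$enabled" = null ] && return 0   # no accessibility services enabled
    printf '%s\n' "$enabled" | tr ':' '\n' | while IFS= read -r component; do
        [ -z "$component" ] && continue
        pkg=${component%%/*}            # drop the "/ServiceClass" part
        case " $allow " in
            *" $pkg "*) ;;              # expected service, skip it
            *) printf '%s\n' "$component" ;;
        esac
    done
}

# Same check against a connected device (adb output carries \r on some hosts).
audit_connected_device_a11y() {
    unexpected_a11y_services \
        "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')" \
        "$ALLOWLIST"
}

# Run against the constructed sample when executed directly.
unexpected_a11y_services "$SAMPLE_ENABLED" "$ALLOWLIST"
```

On the sample data the script reports the one service that is not on the allowlist. Any entry a user does not recognise (especially one belonging to a “cleaner” or “update” app) is a reason to uninstall the app and revoke its accessibility access in Settings.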
How does Octo get on your Android phone?
Like many malware infections, compromised applications are the primary means of installation. According to ThreatFabric, the “Fast Cleaner” application carried Octo along with other types of malware and was downloaded more than 50,000 times before Google removed it from the Play Store. The application primarily targeted customers of European banks and installed Octo by convincing users to install a “browser update”. Other affected applications include a screen recorder called “Pocket Screencaster”, as well as a set of fake banking applications designed to lure real bank customers into downloading them.
So the key to preventing Octo is to always follow good cyber security practices on your Android device. Never download an app from the Play Store that has not been thoroughly vetted. While Google’s review system is better than ever, compromised applications still slip through.
Then be very careful with apps that ask you to download a separate app or install an update from their own link rather than from the Play Store. Legitimate apps want you to use their app, not follow a sketchy link to download another one. Likewise, your apps receive updates through the Play Store, not through an app’s own update page. These are classic malware installation tactics, and you can avoid them simply by thinking about the actions you take on Android. If you are worried that you have malware installed, you can use a reliable service such as Malwarebytes to scan your device. If you need the nuclear option, a factory reset will remove the malware and reinstall a clean copy of Android on your phone. As long as you think about the applications and links you interact with on your devices, you should be well on your way to preventing Octo and other malware like it.
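The advice above boils down to “only install from the Play Store”. A quick way to verify that on a device is to list which third-party apps did not come from the Play Store. This is an added example, not code from the article or from any vendor; the adb command in the comments is real, while the sample output and package names are constructed placeholders rather than the real identifiers of the apps mentioned above.

```shell
#!/bin/sh
# Added example (not from the article): list third-party apps that were not
# installed by the Play Store. A "browser update" or companion app fetched from
# a link shows up here with a non-Play installer or no recorded installer.
#
# Live use requires USB debugging and adb; the real command is:
#   adb shell pm list packages -3 -i
# which prints one "package:<name>  installer=<installer package>" line per
# third-party app. Play Store installs report installer=com.android.vending.

# Constructed sample output; the package names are placeholders, not the real
# identifiers of the apps the article mentions.
SAMPLE_PACKAGES='package:com.example.bankapp  installer=com.android.vending
package:com.example.pocketscreencaster  installer=null
package:com.example.browserupdate  installer=com.google.android.packageinstaller'

TRUSTED_INSTALLER='com.android.vending'

# Print "<package> (installer=<source>)" for every app not installed by the
# trusted installer; "null" means no installer was recorded (a sideload).
flag_sideloaded() {
    printf '%s\n' "$1" | awk -v trusted="$2" '
        /^package:/ {
            pkg = substr($1, 9)                     # strip leading "package:"
            inst = ""
            for (i = 2; i <= NF; i++)
                if (index($i, "installer=") == 1) inst = substr($i, 11)
            if (inst != trusted) print pkg " (installer=" inst ")"
        }'
}

# Same check against a connected device (adb output carries \r on some hosts).
audit_connected_device_installers() {
    flag_sideloaded "$(adb shell pm list packages -3 -i | tr -d '\r')" "$TRUSTED_INSTALLER"
}

# Run against the constructed sample when executed directly.
flag_sideloaded "$SAMPLE_PACKAGES" "$TRUSTED_INSTALLER"
```

On the sample data the bank app is trusted and the two sideloaded entries are flagged. An app that appears in this list but that the user does not remember installing deliberately is a good candidate for removal, or for the malware scan and factory reset described above.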