A new Android malware has been spotted spreading across Europe masquerading as popular software and apps.
Octo2, seemingly a successor to the wildly popular Octo trojan, was detected by cybersecurity researchers from ThreatFabric, who warned hackers have been spreading it under the guise of popular VPN software, browsers, and more. Victims would be tricked into visiting either fake websites, or risky third-party app repositories, where they would download NordVPN, Google Chrome, or an app called Europe Enterprise.
Obviously, these apps are not working as intended, and instead infect the device with Octo2, an advanced Android trojan that grants crooks remote access capabilities, screen recording with invisibility, keylogging, different self-protection techniques, on-device fraud, SMS and notification manipulation, and more.
Notable improvements
Compared to the original Octo, the second version comes with a few notable improvements, including better operational stability, more advanced anti-analysis and anti-detection mechanisms, and a domain generation algorithm (DGA) system that grants threat actors a more resilient C2 communication.
Since the malware is not found on Google Play, and is not distributed through the official Android repository, it is difficult to determine exactly how many devices are infected. ThreatFabric claims that the majority of the victims are located across Europe – in Italy, Poland, Moldova, and Hungary.
However, the original Octo was a malware-as-a-service (MaaS) platform, and its victims were found all over the world, including the US, Canada, Australia, and the Middle East. Therefore, it’s safe to assume it’s only a matter of time before Octo2 is spotted there, as well.
ThreatFabric believes Octo2 is the developer’s response to Octo’s source code leaking earlier this year. When it happened, many threat actors used the code to create unique versions of the malware, possibly hurting the developer’s sales. Therefore, Octo2 could be a way to bring them back. Allegedly, there is a special discount for Octo users, as well.
Via BleepingComputer
+ There are no comments
Add yours