and the distribution of digital products.
Beware of Octo2 malware targeting European banks, disguised as popular apps
If you’re used to downloading mobile apps from unofficial platforms, it’s time to exercise caution. A new version of the Octo malware is wreaking havoc on smartphones across Europe.
Cybersecurity experts are warning of a new Trojan designed to attack banking data. This virus, known as Octo2, is the latest iteration of the Exobot malware, which has been around since 2016.
Disguised as legitimate apps like Google Chrome, Enterprise Europe Network, or NordVPN, Octo2 steals credentials to drain victims’ bank accounts.
Octo2 is a more dangerous version of an old threatOcto2 isn’t a newcomer to the malicious software scene. Back in 2016, its predecessor, Exobot, executed layered attacks and had the ability to control calls, messages, and even instant notifications. By 2022, a new version named Octo emerged, terrifying users by blocking screens, recording keystrokes, and even sending phishing messages.
Octo2 malware disguises itself as legitimate apps like Google Chrome and NordVPN
The creator of this malware, a hacker known as Architect, has recently seen the source code of Octo leak online. This leak led to a dip in profits, as multiple cybercriminals hijacked the code.
In response, Architect developed Octo2 and provided early access to former users of the original Octo.
Octo2’s dangerous reachEuropean users are particularly at risk. Countries like Italy, Poland, Moldova, and Hungary have already seen an uptick in Octo2 attacks. This malware, hidden within fake versions of apps like Google Chrome and NordVPN, uses a tool called Zombinder to install itself on victims’ smartphones.
Unfortunately, the danger is growing, with new campaigns likely to expand Octo2’s reach, potentially targeting users worldwide.
Why Octo2 is a serious threat?Octo2 presents a significant challenge for mobile banking security. Its creators have refined the Trojan’s capabilities, improving its stability during remote sessions by reducing lag. They’ve also optimized its ability to hide malicious code, making it harder for users to detect.
In addition, a new algorithm allows cybercriminals to update domain names without having to recreate malware samples.
This adaptability makes Octo2 an ongoing threat.
Octo2 has not infiltrated the Google Play Store yet but poses a growing threat
Luckily, Octo2 is not in the Play Store (yet)
For now, Octo2 has not infiltrated the Google Play Store, but the growing sophistication of this malware means we need to remain more vigilant than ever.
Here are some key steps to avoid falling victim to Octo2:
- Download apps only from official platforms like the Google Play Store or Apple’s App Store.
- Check app reviews and developer information to ensure legitimacy.
- Use reliable antivirus software to detect and block malware before it infects your device.
- Be wary of permissions that apps request, especially those related to messaging, notifications, or access to personal data.
With Octo2 continuing to evolve, it’s essential to stay proactive in safeguarding your devices from these advanced cyber threats.
Image credits: Emre Çıtak/Ideogram AI