Android users need to watch out for another piece of malware doing the rounds. This time it is a nasty piece called Octo, which is designed to let criminals remotely take control of your phone and commit fraud on the device.
Octo is a high-end Android malware based on ExoCompact, which itself is based on the Exo trojan. Octo was discovered by researchers at ThreatFabric after they noticed that users were looking to buy it on the darknet.
The main problem is that Octo has advanced remote access capabilities, which are provided through its live broadcast module. This relies on Android’s MediaProjection, with remote actions performed through the operating system’s accessibility service.
The malware hides its nefarious activities by using a black screen overlay, setting the brightness to zero and activating Do Not Disturb mode to disable notifications. To the owner, it appears as if the phone is locked, which lets criminals exploit the phone and the information inside it.
Moreover, Octo also features a keylogger, along with a number of scary capabilities including blocking push notifications, intercepting SMS, disabling sound, locking the home screen, launching applications, starting remote access sessions and sending SMS messages to specific phone numbers.
ThreatFabric notes that Octo is generally being sold on forums by a threat actor using the nickname “Architect” or “goodluck”. Given the similarities between Octo and ExoCompact, including its success in disabling Google Play Protect functionality, researchers believe Octo may be a modified version of ExoCompact.
There are several ways your Android device can be exposed to Octo. The main one is malware masquerading as a legitimate app on Google Play, while other campaigns rely on fake browser plugin updates or fake update warnings. Among the applications known to contain Octo:
- Pocket Screencaster (com.moh.screen)
- Fast Cleaner 2021 (vizeeva.fast.cleaner)
- Play Store (com.restthe71)
- Postbank Security (com.carbuildz)
- Pocket Screencaster (com.cutthousandjs)
- BAWAG PSK Security (com.frontwonder2)
- Install the Play Store app (com.theseeye5)
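
The following Python is an added example, not code from ThreatFabric or the original article. It checks a device's installed packages against the list above and reports which apps hold an enabled accessibility service, the permission Octo relies on for remote actions. The function names, the trusted allowlist and the sample input are assumptions made for illustration.

```python
# Package names copied from the list in this article.
OCTO_PACKAGES = {
    "com.moh.screen", "vizeeva.fast.cleaner", "com.restthe71", "com.carbuildz",
    "com.cutthousandjs", "com.frontwonder2", "com.theseeye5",
}

def parse_packages(pm_output):
    """Parse `adb shell pm list packages` output (one "package:<name>" per line)."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.add(line[len("package:"):])
    return names

def parse_accessibility(setting_value):
    """Parse `adb shell settings get secure enabled_accessibility_services`.
    The value is colon-separated "<package>/<service class>", or "null" if unset."""
    value = setting_value.strip()
    if not value or value == "null":
        return {}
    services = {}
    for component in value.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def audit(pm_output, a11y_value, trusted_a11y=frozenset()):
    """Return known-bad installed packages and accessibility holders not on the allowlist."""
    installed = parse_packages(pm_output)
    a11y = parse_accessibility(a11y_value)
    return {
        "known_octo": sorted(installed & OCTO_PACKAGES),
        "untrusted_accessibility": sorted(p for p in a11y if p not in trusted_a11y),
    }

# Constructed sample input (not captured from a real device).
SAMPLE_PM = ("package:com.android.chrome\npackage:com.carbuildz\n"
             "package:com.google.android.marvin.talkback\n")
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.carbuildz/.svc.Helper")  # service class name is made up

if __name__ == "__main__":
    print(audit(SAMPLE_PM, SAMPLE_A11Y,
                trusted_a11y={"com.google.android.marvin.talkback"}))
```

A package-name match only covers the samples listed here, so the accessibility check is the more durable signal: any app you do not recognise holding that permission deserves a closer look.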
What should be done
The only way to stay safe from Octo and other malicious Android apps is to be careful about what you install. Once it is on your phone, anything that appears on your screen can be accessed by whichever criminal put Octo there in the first place.
So, keep the number of apps on your phone to a minimum and only install apps from trusted sources – even if the app comes from Google Play. Since malware can bypass Google Play Protect, the only real security you have is from constant vigilance.
You should also check regularly that Play Protect is activated, as it does a lot to keep your phone safe. Tap on your profile icon next to the search bar and select Play Protect, followed by the gear icon in the upper right, and make sure Scan apps with Play Protect and Improve harmful app detection are switched on.
Finally, we suggest that you install one of the best antivirus apps for Android to help scan your device for potential malware.