Octo malware lets attackers control Android devices remotely and blacks out the screen so the victim does not notice.
According to security researchers at ThreatFabric, Octo is malicious code derived from ExoCompact, a variant of the notorious Trojan known as Exo. In 2018 the Trojan's source code leaked, putting it in the hands of far more criminals than its original operators; many Exo variants followed, and Octo is one of the most dangerous of them.
Octo lets attackers perform a range of actions, including blocking notifications from specific apps, blocking or sending SMS messages, launching an app, opening a web address and muting the lock-screen sound. It also gives them remote control of the device, through a component that streams live screenshots updated every second, built on Android's MediaProjection API and accessibility services. To stay hidden, Octo draws a black overlay over the screen, sets the brightness to zero and silences all notifications with the "do not disturb" feature. Behind that overlay the crooks can tap the screen, type text, scroll and paste data without the victim noticing anything.
Octo also contains a keylogger that records everything typed on the device, giving the attacker the victim's messages, PIN codes, passwords and the websites they visit.
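The remote control and keylogging described above rest on three grants an app must hold: an enabled accessibility service, the SYSTEM_ALERT_WINDOW permission for the black overlay, and notification-listener access to suppress alerts. The following triage script, added here as an illustration and not part of the original article or of ThreatFabric's research, checks a device for that footprint by parsing the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell settings get secure enabled_notification_listeners` and `adb shell appops get <package> SYSTEM_ALERT_WINDOW`. The sample outputs embedded in it are constructed; the package `com.example.fastcleaner` is made up and is not the identifier of any app named in the article, and the allowlist of expected accessibility services is an assumption the device owner would supply.

```python
"""Triage an Android device for the permission footprint an Octo-style
Trojan needs: an enabled AccessibilityService (keylogging, remote taps),
SYSTEM_ALERT_WINDOW (the black overlay) and notification-listener access
(suppressing notifications).  Input is the text printed by:

    adb shell settings get secure enabled_accessibility_services
    adb shell settings get secure enabled_notification_listeners
    adb shell appops get <package> SYSTEM_ALERT_WINDOW

All sample output below is constructed for this example; the package
names are made up and are not the identifiers of the apps in the article.
"""
from typing import Dict, List, Set

# Constructed sample of `settings get secure ...`: entries are
# `package/class` separated by ':'; a class starting with '.' is relative
# to its package.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fastcleaner/.ScreenService"
)
SAMPLE_NOTIFICATION_LISTENERS = "com.example.fastcleaner/.NotifyService"

# Constructed sample: one `appops get <pkg> SYSTEM_ALERT_WINDOW` result per
# package, in the "OP: mode; time=..." form appops prints on Android 10+.
SAMPLE_APPOPS = {
    "com.google.android.marvin.talkback": "SYSTEM_ALERT_WINDOW: deny",
    "com.example.fastcleaner": "SYSTEM_ALERT_WINDOW: allow; time=+2d3h12m ago",
}

# Assumption: an allowlist the device owner maintains of accessibility
# services enabled on purpose (screen readers and the like).
EXPECTED_ACCESSIBILITY: Set[str] = {"com.google.android.marvin.talkback"}


def parse_component_list(value: str) -> Dict[str, Set[str]]:
    """Map package -> set of fully qualified service classes.
    `settings get` prints the literal string 'null' when a key is unset."""
    value = value.strip()
    result: Dict[str, Set[str]] = {}
    if not value or value == "null":
        return result
    for entry in value.split(":"):
        if "/" not in entry:
            continue  # skip malformed fragments rather than abort the triage
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls
        result.setdefault(pkg, set()).add(cls)
    return result


def overlay_allowed(appops_output: str) -> bool:
    """True when appops reports SYSTEM_ALERT_WINDOW as 'allow' for the package."""
    for line in appops_output.splitlines():
        line = line.strip()
        if line.startswith("SYSTEM_ALERT_WINDOW:"):
            mode = line.split(":", 1)[1].split(";", 1)[0].strip()
            return mode == "allow"
    return False  # 'No operations.' or the op is absent: no overlay grant


def triage(accessibility: str, listeners: str, appops: Dict[str, str],
           expected: Set[str]) -> List[dict]:
    """Flag every package with an enabled accessibility service that is not
    on the allowlist; rate it 'high' when it also holds the overlay grant,
    the pairing that lets Octo drive the device behind a black screen."""
    access = parse_component_list(accessibility)
    notif = parse_component_list(listeners)
    findings: List[dict] = []
    for pkg, services in sorted(access.items()):
        if pkg in expected:
            continue
        overlay = overlay_allowed(appops.get(pkg, ""))
        findings.append({
            "package": pkg,
            "accessibility_services": sorted(services),
            "overlay": overlay,
            "notification_listener": pkg in notif,
            "severity": "high" if overlay else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ACCESSIBILITY, SAMPLE_NOTIFICATION_LISTENERS,
                    SAMPLE_APPOPS, EXPECTED_ACCESSIBILITY):
        print(f"[{f['severity']}] {f['package']} "
              f"services={f['accessibility_services']} overlay={f['overlay']} "
              f"notification_listener={f['notification_listener']}")
```

On a real device, feed the script the output of the three adb commands above, run `appops get` once per package that appears in the accessibility list, and review every finding: a screen reader or automation tool you installed yourself belongs on the allowlist, while an app you do not recognise that holds both accessibility and overlay access has exactly the grants Octo abuses and deserves a closer look.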
According to ThreatFabric, the malware can compromise many sensitive apps on the device, including password managers, banking apps, cryptocurrency wallets, two-factor authentication apps and game logins.
The researchers also found Octo being sold on several darknet markets, including the Russian-language XSS forum, through accounts named "Architect" and "goodluck"; Architect is identified as one of the authors of the earlier Exo malware.
Like the original malware, Octo is built to slip past Google Play's review, disable Google Play Protect and resist reverse engineering of its code. Several Play Store apps were indeed found carrying it, among them Pocket Screencaster, Fast Cleaner 2021, Postbank Security and BAWAG PSK Security, some with tens of thousands of downloads.
According to Bleeping Computer, two-factor authentication offers little protection against this kind of malware: anything the user sees on the screen or types on the keyboard is visible to the attacker. The most effective defence is to avoid infection in the first place: be wary of unfamiliar apps, install as few non-essential apps as possible and check that Google Play Protect is enabled.
Published at Blogtuan.info. Source: vnexpress.net.