Octo malware can secretly run remote commands on your device and steal your money.
A new Android malware is reportedly performing on-device fraud by using remote access capabilities. The malware, named Octo, is able to take control of your device and steal important information, including your banking details. Octo was spotted by cybersecurity researchers at ThreatFabric, who reported that an attacker can remotely perform on-device fraud with the help of this Trojan. The report mentions that the Octo Android malware has evolved from the Exobot malware, which had its source code leaked in 2018.
How does this Octo malware perform on-device fraud?
The attackers gain remote access to a user's device and steal details while secretly performing transactions or other activities without the user's knowledge. To execute remote actions, the attacker needs to stream the screen of the victim's device. The Octo malware uses Android's built-in services: Media Projection for screen streaming and Accessibility Service to access the device. Using these built-in services tricks the anti-malware engines on the device into thinking that the device is being operated by its owner.
Once the attacker gets control of your device, they use a black screen overlay to hide their remote actions, setting the screen brightness to zero. The "do not disturb" mode is also enabled to turn off all notifications, so the device appears switched off to the owner while the attacker secretly executes various actions. The attackers can then access clipboard data, copy, cut and paste text, scroll and tap on the screen, and perform gestures.
The malware can also perform dozens of other actions remotely, from blocking push notifications from specific apps to enabling SMS interception or sending SMS to any phone number. It can even open a specific website, start or stop remote access sessions, launch an app, disable sound, and temporarily lock the device's screen.
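
Because the remote control described above depends on an enabled Accessibility Service, a defender can audit which apps hold that grant. The Python below is an added example, not code from the article or from ThreatFabric's report: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and flags enabled services outside an allowlist. The sample output, package names, allowlist and the use of installer source to rank findings are assumptions of this example.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: stores your policy trusts
ALLOWED_A11Y_PACKAGES = {"com.google.android.marvin.talkback"}  # assumption: expected services

def parse_enabled_services(setting_value):
    """Parse the colon-separated `package/class` list from the secure setting."""
    value = setting_value.strip()
    if not value or value == "null":  # the setting is empty or unset
        return []
    services = []
    for component in value.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.append((pkg, cls))
    return services

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` lines."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(setting_value, pm_output):
    """Return enabled accessibility services outside the allowlist, with a severity."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg, cls in parse_enabled_services(setting_value):
        if pkg in ALLOWED_A11Y_PACKAGES:
            continue
        installer = installers.get(pkg)
        # No trusted installer recorded: rank higher for manual review.
        severity = "review" if installer in TRUSTED_INSTALLERS else "high"
        findings.append({"package": pkg, "service": cls,
                         "installer": installer, "severity": severity})
    return findings

# Constructed sample output (hypothetical package names, not indicators from the report).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.fastcleaner/com.example.fastcleaner.CoreService:"
                  "com.example.reader/.ReadAloudService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fastcleaner  installer=null
package:com.example.reader  installer=com.android.vending"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTING, SAMPLE_PM):
        print(finding)
```

A finding here only means an app holds the accessibility grant and deserves a look; it does not identify Octo by itself.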