A new strain of malware is floating around the web, trying to take control of your Android device. It is called “Octo”, and once installed it lets attackers view your screen remotely and control your device without your knowledge. Let’s explore where Octo came from, how it works, and how to avoid it.
What is Octo?
ThreatFabric was the first outlet to detect and report Octo, an evolution of the Exobot malware family. Since 2016, Exobot malware has primarily targeted banking and has evolved into different strains over time. Now a strain ThreatFabric calls ExobotCompact.D has been identified; on the dark web, however, the malware is referred to as “Octo”.
Many hackers try to break into your accounts from their own devices by phishing your login information and your MFA codes. Octo, however, lets remote actors operate your Android phone itself, an approach known as On-Device Fraud (ODF). ODF is especially dangerous because the fraudulent activity does not come from some other device elsewhere in the world, but from the very device your accounts and networks expect.
How does Octo work?
Octo abuses Android’s MediaProjection feature to stream your smartphone’s screen remotely. Even though it is not a true livestream (the video runs at up to 1 frame per second), it is fast enough for the hackers to see what is happening on your device. To actually do anything, they then abuse Android’s Accessibility Service through Octo.
You will not see any of this, however: Octo places a black overlay on your screen and mutes any notifications you may receive. From your point of view, your phone appears to be off, but for the hackers it is open season on your Android device.
From here, hackers can perform various tasks remotely on your device, including tapping, gesturing, entering text, pasting text, long-pressing, and other commands such as scrolling. On top of that, a hacker does not even have to do these things by hand: they can simply “tell” the malware what they want done, and the malware does the work automatically. You can imagine how much that expands the possibilities for fraud, because a human no longer has to sit there and go through the steps one by one.
Octo can do a great deal once it is on your device. It acts as a keylogger, reporting every action you take: your lock pattern or passcode, the URLs you visit and any taps you make on the screen. It can also harvest your contact list, intercept your SMS messages, and record and control your phone calls. Octo’s author made it very hard to detect by writing custom code to obfuscate the malware’s identity.
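As an added example (not from the original article or from ThreatFabric), here is a bash script a defender could run over adb to list which apps on a phone hold the two capabilities the text describes, enabled Accessibility Services and permission to draw over other apps; the allowlist and the fake cleaner package name are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: audit the two Android
# capabilities Octo relies on (enabled Accessibility Services and the
# SYSTEM_ALERT_WINDOW "draw over other apps" permission) via adb. Assumes
# adb on PATH; with no device attached it runs on constructed sample output.

# Packages you knowingly granted accessibility access (constructed allowlist;
# edit for your device, e.g. a screen reader or password manager).
ALLOWED_ACCESSIBILITY="com.google.android.marvin.talkback"

# Print each enabled accessibility service whose package is not allowlisted.
# $1: raw value of `settings get secure enabled_accessibility_services`
#     (colon-separated package/ServiceClass components, or "null" when none)
# $2: space-separated allowlist of package names
flag_accessibility_services() {
    local raw="$1" allow="$2" comp pkg
    if [ -z "$raw" ] || [ "$raw" = "null" ]; then return 0; fi
    printf '%s\n' "$raw" | tr ':' '\n' | while IFS= read -r comp; do
        [ -n "$comp" ] || continue
        pkg="${comp%%/*}"
        case " $allow " in
            *" $pkg "*) ;;                                   # trusted
            *) printf 'SUSPECT accessibility service: %s\n' "$comp" ;;
        esac
    done
}

# Report a package that may draw overlays (how Octo blacks out the screen).
# $1: package name; $2: raw `appops get <pkg> SYSTEM_ALERT_WINDOW` output,
# assumed to contain "SYSTEM_ALERT_WINDOW: allow" when granted.
flag_overlay_permission() {
    local pkg="$1" raw="$2"
    case "$raw" in
        *"SYSTEM_ALERT_WINDOW: allow"*) printf 'OVERLAY allowed: %s\n' "$pkg" ;;
    esac
}

if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    flag_accessibility_services \
        "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')" \
        "$ALLOWED_ACCESSIBILITY"
    for pkg in $(adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://'); do
        flag_overlay_permission "$pkg" "$(adb shell appops get "$pkg" SYSTEM_ALERT_WINDOW | tr -d '\r')"
    done
else
    # Constructed sample: TalkBack plus a fictitious cleaner app's service.
    SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakecleaner/com.example.fakecleaner.AccService'
    flag_accessibility_services "$SAMPLE" "$ALLOWED_ACCESSIBILITY"
    flag_overlay_permission com.example.fakecleaner 'SYSTEM_ALERT_WINDOW: allow; time=+3h'
fi
```

Any service the script flags that you do not recognise deserves a look in Settings under Accessibility and “Display over other apps” before you decide whether to uninstall the app.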
How does Octo get on your Android phone?
As with many malware infections, compromised applications are the main vehicle for installation. According to ThreatFabric, the “Fast Cleaner” app was found to contain Octo alongside other malware, and had been downloaded 50,000 times before Google removed it from the Play Store. The app targeted users of European banks in particular and installed Octo by convincing them to install a “browser update”. Other compromised applications include a screen recorder called “Pocket Screencaster” and a collection of fake banking apps designed to deceive customers of real banks.
The key to keeping Octo off your device is to follow good cyber-security practices on your Android device at all times. Do not download an app from the Play Store without first fully vetting it. While Google’s review process is definitely better than ever, compromised apps make it through all the time.
Next, be very wary of apps that ask you to download other apps from outside the Play Store, or to install updates from a link of their own. Legitimate applications want you to use their own app; they do not send you to a sketchy link to download some other application. Similarly, your apps should receive updates from the Play Store, not from an app’s own update site. These are classic malware installation techniques, and you can avoid them by being careful about the actions you take on Android.
If you are worried that malware may already be installed, you can use a trusted service such as Malwarebytes to scan your device for malicious software. If you want to go nuclear, a factory reset will destroy any malware and install the latest version of Android on your phone. As long as you are careful about the apps and links you interact with on your devices, however, you should be able to avoid Octo and other malware like it.