Cybersecurity researchers have identified a new variant of the Octo malware, named Octo2 [1], which is a sophisticated Android banking trojan targeting users in Europe.

Description

Octo2 [1] [2] [3] [4] [5] [6] [7], an evolved form of the original Octo, is being spread through malicious apps in countries including Italy [7], Poland [2] [6] [7], Moldova [2] [6] [7], and Hungary [2] [6] [7]. The malware lets cybercriminals remotely control infected devices [7], conduct fraudulent transactions [1] [3] [6] [7], and steal sensitive banking data [7].

Octo2 is built on the leaked source code of Octo [7], which itself derives from the Exobot malware family, and adds enhancements such as improved stability for remote actions and more advanced obfuscation techniques [7]. Notably, it features a Domain Generation Algorithm (DGA) that dynamically generates command-and-control (C2) server names [7], making it difficult for security teams to track and block its infrastructure [7]. Octo2 has also shifted to a malware-as-a-service (MaaS) model [7], in which cybercriminals rent the malware for their own operations, extending the reach of this threat to a wider range of malicious actors.

Distribution of Octo2 relies on rogue Android apps created through APK binding with the help of a service called Zombinder, which lets attackers Trojanize legitimate applications and deceive users into installing a “necessary plugin” that actually downloads the Octo2 malware [7].

Conclusion

As Octo2 continues to proliferate [7], it poses an increasing risk to mobile banking users globally. It underscores the importance of maintaining vigilance and regularly updating devices to safeguard against such sophisticated threats.

References

[1] https://cyber.vumetric.com/security-news/2024/09/24/new-octo2-android-banking-trojan-emerges-with-device-takeover-capabilities/
[2] https://www.bankinfosecurity.com/octo2-malware-masquerades-as-popular-apps-a-26355
[3] https://www.tomsguide.com/computing/malware-adware/this-android-banking-trojan-just-got-a-serious-upgrade-to-take-over-your-phone-and-it-now-hides-in-legitimate-apps
[4] https://www.infosecurity-magazine.com/news/octo2-malware-threatens-mobile/
[5] https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
[6] https://thehackernews.com/2024/09/new-octo2-android-banking-trojan.html
[7] https://cybermaterial.com/new-octo2-trojan-enables-device-takeovers/