Cybersecurity researchers have unveiled a new version of the Android banking trojan known as Octo, now referred to as Octo2. This advanced malware boasts enhanced capabilities for Device Takeover (DTO) and executing fraudulent transactions.
According to a report by Dutch security firm ThreatFabric, campaigns distributing Octo2 have been identified across several European nations, including Italy, Poland, Moldova, and Hungary. The malware’s developers have made significant improvements to the stability of remote actions necessary for executing DTO attacks.
Malicious Apps Linked to Octo2
Several malicious applications containing Octo2 have been identified, including:
- Europe Enterprise (com.xsusb_restore3)
- Google Chrome (com.havirtual06numberresources)
- NordVPN (com.handedfastee5)
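As an added defender's check (this is example code written for this page, not part of the article or of ThreatFabric's report), the package names listed above can be matched against the output of `adb shell pm list packages -f` to flag a device that carries one of these droppers. The device listing below is constructed sample output, not a real capture.

```python
"""Flag the Octo2 dropper package names from the report in `pm list packages` output."""
import re

# Package names quoted in the article (from the ThreatFabric report).
OCTO2_PACKAGES = {
    "com.xsusb_restore3",              # posed as "Europe Enterprise"
    "com.havirtual06numberresources",  # posed as "Google Chrome"
    "com.handedfastee5",               # posed as "NordVPN"
}

# `pm list packages` prints "package:<name>"; with -f it prints "package:<apk path>=<name>".
_PKG_LINE = re.compile(r"^package:(?:(?P<apk>.+?\.apk)=)?(?P<name>[\w.]+)$")


def parse_pm_list(output: str) -> dict:
    """Parse `pm list packages [-f]` output into {package_name: apk_path_or_None}."""
    pkgs = {}
    for line in output.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            pkgs[m.group("name")] = m.group("apk")
    return pkgs


def find_octo2(output: str) -> list:
    """Return the installed package names that match the Octo2 indicator set, sorted."""
    return sorted(set(parse_pm_list(output)) & OCTO2_PACKAGES)


# Constructed sample listing (not real device output): one Octo2 dropper beside benign apps.
SAMPLE = """package:/data/app/~~abc==/com.havirtual06numberresources-1/base.apk=com.havirtual06numberresources
package:/product/app/Chrome/Chrome.apk=com.android.chrome
package:/data/app/~~def==/com.example.notes-1/base.apk=com.example.notes
"""

if __name__ == "__main__":
    hits = find_octo2(SAMPLE)
    print("Octo2 indicators found:" if hits else "No Octo2 indicators found.", hits)
```

Feed it real output with `adb shell pm list packages -f` piped into `find_octo2`; a hit on the "Google Chrome" impostor stands out because the genuine browser is installed as `com.android.chrome`.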
Octo was initially flagged by ThreatFabric in early 2022, linked to a threat actor known by the aliases Architect and goodluck. This malware is considered a “direct descendant” of Exobot, which was first detected in 2016 and has since spawned various variants, including Coper in 2021.
The threat landscape for mobile banking malware has evolved, with Octo having roots in the Marcher banking trojan. Exobot itself was active until 2018, primarily targeting financial institutions in Turkey, France, Germany, and beyond. A “lite” version, ExobotCompact, was later introduced by a dark-web actor known simply as ‘android’.
The emergence of Octo2 appears to be closely linked to the leak of the Octo source code earlier this year, which has allowed other cybercriminals to develop multiple variants of the malware. This escalation underscores the evolving nature of mobile threats and the ongoing challenges in combating sophisticated cybercrime.
As Octo2 continues to proliferate, it highlights the urgent need for users to remain vigilant about the apps they download and the potential threats lurking within seemingly innocuous applications. Cybersecurity experts recommend using trusted sources and maintaining updated security measures to protect against such emerging threats.