From PC Mag: "Octo2," a new variant of the Octo Android trojan malware, has been spreading online via malicious versions of the NordVPN and Google Chrome apps, according to a new report from cybersecurity firm ThreatFabric.
When the malicious app is installed, victims are prompted with a misleading pop-up message that asks them to click "confirm" and navigate to their Android device's settings to turn on a toggle and install a "necessary plugin." In reality, this is the malware operator tricking victims into bypassing security measures and voluntarily installing the Octo2 malware.
The attackers attached the malware to the download using "Zombinder," a dropper from the dark web that discreetly hides malware in legitimate apps on Android devices. Researchers found that Octo2 can circumvent Android 13 security features.
This malware is ultimately being used to steal victims' funds via mobile banking. It can allow attackers to intercept sensitive user data and can enable remote takeover attacks, in which a cybercriminal remotely controls the victim's phone to execute banking transactions. It also sends screenshots from the victim's device to the attackers, adjusting screenshot quality when the internet connection is poor. Unlike previous versions of this malware, Octo2 has extra features baked in to evade detection.