How to Stop Octo Malware From Remotely Accessing Your Android
There is a new kind of malware roaming the internet that tries to take control of your Android device. Once installed, Octo, as it is colloquially known, can remotely see your screen and control your device, all without your knowledge. Let’s take a look at where Octo came from, how it works, and how to avoid it.
What is Octo?
ThreatFabric was the first to discover and report on Octo, and it considers the strain an evolution of the Exobot family of malware. Since 2016, Exobot malware has primarily targeted banking and has evolved into different strains over time. ThreatFabric has now identified a strain it calls ExobotCompact.D; on the dark web, however, the malware is referred to as “Octo”.
Many hackers try to break into your accounts from their own devices, using phishing to get your login information as well as your MFA codes. Octo, however, allows attackers to gain access to your Android phone remotely, which is known as On-Device Fraud (ODF). ODF is extremely dangerous because the activity does not come from somewhere else in the world, but from the very device that your accounts and networks expect.
How does Octo work?
Octo takes over the Android MediaProjection feature to remotely stream your smartphone’s activity. While it’s not a perfect live stream (the video plays at around 1 frame per second), it’s quick enough for hackers to see what they’re doing on your device. To actually do anything, however, they use Octo to take over the AccessibilityService.
You won’t see any of this, because Octo puts a black overlay on your screen in addition to turning off any notifications you might receive: from your perspective, your phone appears to be turned off, but it’s open season for hackers on your Android device.
From here, hackers can remotely perform a range of tasks on your device, including taps, gestures, typing, text pasting, long clicks and swipes, and other commands. In addition, the hacker doesn’t even have to do all this himself: rather, he can simply “tell” the malware what he wants, and the malware will perform the tasks automatically. You can imagine that the potential scope for fraud is greatly expanded, as it doesn’t require a person to sit down and follow the steps one by one.
Octo can do a lot on your device. It can act as a keylogger, reporting every action you take on your device, including your lock pattern or PIN, the URLs you visit, and any screen taps you make. Moreover, it can clean up your contact lists, intercept your SMS messages, and record and monitor your phone calls. The author of Octo even made it harder to detect by writing his own code to hide the identity of the malware.
How does Octo get on your Android phone?
As with much malware, compromised applications are the primary means of installation. According to ThreatFabric, the “Fast Cleaner” app contained Octo in addition to other types of malware and was downloaded over 50,000 times before Google removed it from the Play Store. The app was primarily aimed at European banking users and installed Octo by convincing users to install a “browser update”. Other affected apps include a screen recorder called “Pocket Screencaster” as well as a set of fake banking apps designed to trick users of real banks into downloading them.
Thus, the secret to avoiding Octo lies in the constant application of great cyber security practices on your Android device. Never download an app from the Play Store without first checking it out. While Google’s opt-out system is certainly better than before, compromised apps go through it all the time.
Next, be extremely wary of apps that ask you to download a standalone app or install an update from their link instead of from the Play Store. Legitimate apps want you to use their app, not follow a dubious link to download some other app. Similarly, your apps will get updates from the Play Store instead of the app’s own update site. These methods are classic malware installation tactics, and you can avoid them simply by carefully considering the actions you take on Android.
If you’re concerned that you may have had malware installed on your device, you can use a trusted service like Malwarebytes to scan it. If you need to go nuclear, a factory reset can wipe out all malware and install a fresh version of Android on your phone. However, as long as you are mindful of the apps and links you interact with on your devices, you should be on your way to avoiding Octo and other similar malware.
[ Tom’s Guide ]