“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN and Google Chrome. According to cybersecurity firm ThreatFabric, this trojan disguises itself within seemingly legitimate apps to trick users into granting permissions, ultimately enabling attackers to access sensitive information and take over bank accounts.

After the malicious app is installed, victims receive a misleading pop-up prompting them to confirm installation and enable a “necessary plugin.” In reality, this bypasses Android security settings and allows Octo2 to be installed. The malware uses a tool called “Zombinder,” sourced from the dark web, to hide within legitimate app packages. It’s also capable of circumventing Android 13 security features.

Once installed, Octo2 enables attackers to intercept sensitive user data, control devices remotely for banking transactions, and capture and transmit screenshots—optimizing their quality even with poor internet connections. Unlike earlier variants of Octo malware, Octo2 has additional features designed to evade detection.

Initially detected in Europe, previous versions of Octo malware have appeared across the U.S., Canada, the Middle East, Asia, and Oceania. Octo2 traces its roots back to the Exobot malware, a family of trojans active since 2016. Because the source code is available on the dark web, Octo has become a “malware-as-a-service,” easily accessible to cybercriminals.

To protect against Octo2, experts recommend enabling Google Play Protect, only downloading apps from verified sources, and installing VPNs and browsers from reputable developers.
