A dangerous new strain of malware is spreading across Europe — putting millions of Android phone owners at risk. ThreatFabric cybersecurity researchers first uncovered the malware, dubbed Octo2, masquerading as popular Android apps like Google Chrome, an app called Europe Enterprise, or NordVPN.
The latter is one of the best VPN deals available, offering to secure your internet connection with military-grade encryption and unlock streaming from around the world. It’s cruelly ironic that Android users who downloaded the fraudulent version of this award-winning VPN found themselves at the mercy of hackers.
Octo2 is widely tipped to be the successor to the wildly popular Octo trojan.
When installed on your Android device, Octo2 allows hackers to control your device remotely, record what’s happening on-screen, manipulate incoming text messages and app notifications, track everything you’ve typed on the keyboard, and more.
Security researchers from ThreatFabric discovered the malware listed in unofficial app stores masquerading as NordVPN and Google Chrome to trick Android users into downloading the software.
That leaves criminals with a treasure-trove of data, which can be used in phishing scams, identity theft, and other common cyber attacks. The Octo2 malware is being distributed in unofficial app repositories online — so only those who seek to download apps outside of the Google Play Store are impacted. That makes it tough for security researchers to calculate how many devices are infected.
For now, the malware is believed to primarily target users in Italy, Poland, Moldova, and Hungary. However, security experts believe Octo2 will soon become a global threat — a pattern established by its predecessor.
Octo2 builds on its infamous sibling with improved stability and advanced anti-detection mechanisms, making it a truly formidable threat to Android smartphone and tablet users. Hackers have also worked hard to ensure the new malware strain can function reliably, even with a poor network connection.
According to ThreatFabric, Octo2 is likely the developer’s response to the source code of the original Octo trojan leaking online earlier this year. That leak allowed hackers to use the code to create their own version of the malware — damaging sales of the original virus.
The original Octo was sold as a monthly subscription, dubbed Malware-As-A-Service (MaaS), for hackers who wanted to wreak havoc or siphon data from Android users all over the world. Victims of Octo were found across Europe, the United States of America, Canada, Australia, and the Middle East.
With profits in freefall following the leak, it’s safe to assume Octo2 is an attempt to get this nefarious business back on track. According to some unconfirmed reports, hackers are offering a special discount for users of the first-generation Octo malware.
It’s safe to assume hackers will target all of the same locations as Octo with the new strain in time.
To shield themselves against Octo2 and other malware threats, Android phone owners should avoid downloading apps from unofficial sources. Always stick to the Google Play Store for all app installations; it is protected by Google Play Protect, which scans for viruses and other threats every few seconds.
Even on official platforms, like Google Play Store, it’s always worth exercising caution. Check app reviews, developer information, links to developer websites, and the number of downloads. Any applications that demand unnecessary permissions should also be avoided.
If you’re concerned, it can be helpful to regularly review and remove unused apps from your phone. Be particularly cautious of apps claiming to enhance or modify popular services like WhatsApp or Spotify.
A spokesperson for Google explained: “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”