TechRadar
Sead Fadilpašić

This new Android malware impersonates VPN and browser tools, but don't be fooled

A new Android malware has been spotted spreading across Europe masquerading as popular software and apps.

Octo2, seemingly a successor to the widely used Octo trojan, was detected by cybersecurity researchers from ThreatFabric, who warned that hackers have been spreading it under the guise of popular VPN software, browsers, and more. Victims are lured to fake websites or risky third-party app repositories, where they download what appears to be NordVPN, Google Chrome, or an app called Europe Enterprise.

These apps do not work as advertised; instead, they infect the device with Octo2, an advanced Android trojan that gives criminals remote access, covert screen recording, keylogging, various self-protection techniques, on-device fraud, SMS and notification manipulation, and more.

Notable improvements

Compared to the original Octo, the second version comes with a few notable improvements, including better operational stability, more advanced anti-analysis and anti-detection mechanisms, and a domain generation algorithm (DGA) that gives threat actors more resilient command-and-control (C2) communication.

Since the malware is not distributed through Google Play, the official Android app store, it is difficult to determine exactly how many devices are infected. ThreatFabric says the majority of the victims are located across Europe - in Italy, Poland, Moldova, and Hungary.

However, the original Octo was a malware-as-a-service (MaaS) platform, and its victims were found all over the world, including the US, Canada, Australia, and the Middle East. It is therefore safe to assume it is only a matter of time before Octo2 is spotted in those regions as well.

ThreatFabric believes Octo2 is the developer's response to Octo's source code leaking earlier this year. After the leak, many threat actors used the code to build their own versions of the malware, which likely hurt the developer's sales. Octo2 could therefore be an attempt to win those customers back; allegedly, existing Octo users are being offered a special discount.

Via BleepingComputer
