Beware, this new Android banking malware could hijack your phone

Popular Android malware reskinned and sold on the dark web


A popular mobile banking trojan has been upgraded and rebranded for sale on dark web forums, cybersecurity researchers have discovered.

Experts from ThreatFabric recently identified the highly dangerous Android malware strain, known as Octo, which allows the threat actor to operate the compromised endpoint from a remote location.

The attacker uses the Accessibility Service to conduct the remote actions, and a live stream module (using the Android MediaProjection) to view the display.
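For app vetting, the pairing described above (an accessibility service plus a screen-capture service in the same app) can be checked in a decoded `AndroidManifest.xml`. The following is an added example, not code from ThreatFabric or the original article; the function names and the sample manifest are constructed for illustration, and it assumes the app declares its capture service with `foregroundServiceType="mediaProjection"`, which not every build does.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree puts on android:* attributes.
ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (decoded XML form), not taken from any real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleaner">
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".Cast"
        android:foregroundServiceType="mediaProjection|dataSync"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return the capability flags declared by the manifest's services."""
    root = ET.fromstring(xml_text)
    flags = set()
    for svc in root.iter("service"):
        # Only the system may bind a service guarded by this permission,
        # which is how accessibility services are declared.
        if svc.get(ANDROID + "permission") == A11Y_PERMISSION:
            flags.add("accessibility")
        # foregroundServiceType is a '|'-separated list of types.
        fgs_types = svc.get(ANDROID + "foregroundServiceType", "").split("|")
        if "mediaProjection" in fgs_types:
            flags.add("screen_capture")
    return flags


def needs_review(xml_text):
    """True when one app can both drive the UI and capture the screen."""
    return {"accessibility", "screen_capture"} <= triage_manifest(xml_text)


if __name__ == "__main__":
    print(sorted(triage_manifest(SAMPLE_MANIFEST)), needs_review(SAMPLE_MANIFEST))
```

Legitimate remote-support and screen-reader apps can declare either capability, so a match is a prompt for manual review, not a verdict.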


ExoCompact is back


By overlaying the screen with black, the attacker can trick the user into thinking the device is turned off. The malware can also set screen brightness to zero, and disable all notifications.

Once the device is ready, the attacker can do all sorts of things, from writing text messages to modifying the clipboard, pasting data and more. It also works as a keylogger, allowing for the theft of passwords and credit card details.

After obtaining the sample, the researchers established that Octo is essentially an upgraded and evolved version of an old Android malware called ExoCompact.


ExoCompact is a trojan whose author reportedly quit in 2018, and whose source code was leaked online. However, the researchers now claim that the same threat actor is now offering Octo: an individual known as “Architect” or “goodluck”.


They managed to trace the malware to seven apps found in the Play Store.

All of the apps have now been removed from Google’s app repository, but at least 50,000 devices have been compromised.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
