Billions of Android phone users around the world are being asked to be on the lookout for a new, dangerous malware attack that can take control of your device without you noticing.
People are warned to be careful about what they install on their phones, as the scary malware, called Octo, can make its way onto your phone by masquerading as a legitimate app on Google Play.
Octo has been designed to allow criminals to hack into your phone, taking remote control of your device while making it seem like the phone is switched off. Here’s what you need to be aware of and how to protect yourself.
How does Octo malware attack your phone?
Octo is a form of on-device fraud and banking malware, which lets cyber crooks gain remote access to your phone. The hackers are able to tap, write, copy and modify what they see on your phone, while making you think your phone is switched off.
What the hackers are actually doing is putting a fake black screen over the display to hide their nefarious actions underneath. They can even remotely set the screen brightness to zero and disable notifications, so that they don’t arouse the victim’s suspicion.
The dangerous malware is actually a variant of a trojan called ExobotCompact, which was around in 2018. According to ThreatFabric, which first noticed people purchasing Octo on the dark web, the malware is distributed through the official Google Play Store as well as through landing pages.
It explained: “Thus, customers are very likely to fall into installing the malware on their devices, allowing the actors to have remote access to their devices and therefore to their banking accounts.”
Octo’s advanced remote access abilities make it even more dangerous, as it exploits Android’s MediaProjection and performs remote actions through the operating system’s Accessibility Service.
List of apps that have Octo
There are multiple ways for Android devices to be exposed to Octo. The main one usually involves the malware masquerading as a normal app on Google Play.
For example, an app called Fast Cleaner, which had been installed 50,000 times, was found to contain Octo and removed from the Play Store in February.
Apps known to contain Octo include:
- Pocket Screencaster (com.moh.screen)
- Fast Cleaner 2021 (vizeeva.fast.cleaner)
- Play Store (com.restthe71)
- Postbank Security (com.carbuildz)
- Pocket Screencaster (com.cutthousandjs)
- BAWAG PSK Security (com.frontwonder2)
- Play Store app install (com.theseeye5)
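An added example, not part of the original article: a shell check that compares a device's installed packages with the package IDs listed above and shows which apps hold an enabled accessibility service, the permission Octo relies on. It assumes adb is installed and a device is authorised for debugging; the sample input and the look-alike ID com.carbuildz.tools are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Android device for the package IDs listed above.

# Package IDs exactly as the article lists them, one per line.
OCTO_PACKAGES='com.moh.screen
vizeeva.fast.cleaner
com.restthe71
com.carbuildz
com.cutthousandjs
com.frontwonder2
com.theseeye5'

# Reads `pm list packages` output ("package:<id>" per line) on stdin and
# prints every ID that is on the list. -F = literal, -x = whole line, so
# "com.carbuildz.tools" does not match "com.carbuildz".
find_octo_packages() {
    tr -d '\r' | sed 's/^package://' | grep -Fx "$OCTO_PACKAGES" || true
}

# Reads the enabled_accessibility_services setting (colon-separated
# "<package>/<service class>" entries, or "null") on stdin and prints the
# package that owns each enabled service.
accessibility_packages() {
    tr -d '\r' | tr ':' '\n' | sed 's#/.*##' |
        grep -v -e '^$' -e '^null$' | sort -u || true
}

# Constructed sample of `pm list packages` output, for offline runs.
sample_pm_output() {
    printf 'package:com.android.chrome\r\npackage:vizeeva.fast.cleaner\r\n'
    printf 'package:com.carbuildz.tools\r\npackage:com.theseeye5\r\n'
}

# Live use: sh octo_check.sh --device
if [ "${1:-}" = "--device" ]; then
    echo "Installed packages from the Octo list:"
    adb shell pm list packages | find_octo_packages
    echo "Packages with an enabled accessibility service:"
    adb shell settings get secure enabled_accessibility_services |
        accessibility_packages
fi
```

An empty first section only means none of these seven IDs is installed; the article's list is of apps known so far, so any unfamiliar package in the accessibility section still deserves a look.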
Besides apps, some hackers also rely on fake browser plugin updates or bogus update warnings to get users to download the malware onto their devices.
How to protect your phone from Octo
Since malware can bypass Google’s Play Protect, the only way to protect your device and stay safe from Octo is to be vigilant about what you’re installing on your device.
Once a dodgy app has been downloaded, anything that appears on your screen is accessible to the criminals behind the malware. So the best advice is to limit the number of apps on your phone and download apps only from trusted sources.
Even if Play Protect can’t always secure your device against malware, it’s important to regularly check that it’s activated. To do this, tap the profile icon next to the search bar and select Play Protect.
Then, click the gear icon in the top right and toggle on both Scan apps with Play Protect and Improve harmful app detection, to ensure as much protection as possible.