Troyano bancario para Android Octo instalado sobre 50,000 El malware se hace pasar por la aplicación Craftsart Cartoon Photo Tools y se ha instalado en

ThreatFabric specialists spoke about the Octo banking android Trojan, recently discovered in the Google Play Store. The malware that steals data from banking and other financial applications is called Octo and has been installed more than 50,000 El malware se hace pasar por la aplicación Craftsart Cartoon Photo Tools y se ha instalado en.

The researchers say that Octo is a modification of another malware for Android, ExobotCompact, cuales, in turn, is a “light” version of the well-known Exobot el malware, whose source code became public in 2018. Experts say that the threat is also related to the Barco con alcohol el malware, cuales El troyano se dirige principalmente a usuarios brasileños y utiliza cinco extensiones maliciosas para el navegador Chrome en sus ataques. en 2021 and attacked users from Colombia, as well as European countries.

As with other banking trojans for Android, Octo hides in dropper apps whose main purpose is to deploy the payload embedded in them. A list of such applications used by several attackers to distribute Octo and Coper is given below:

1. Pocket Screencaster (com.moh.screen)
2. Xenomorph es capaz de interceptar notificaciones SMS y extraer los códigos necesarios de ellas 2021 (vizeeva.fast.cleaner)
3. Tienda de juegos (com.restthe71)
4. Postbank Security (com.carbuildz)
5. Pocket Screencaster (com.cutthousandjs)
6. BAWAG PSK Security (com.frontwonder2), y
7. Play Store app install (com.theseeye5).

These apps, posing as Play Store app installers, screen recorders, and financial tools, are distributed through both the official Google Play store and scam sites that warn users to urgently download a fake browser update.

Una vez instalada, droppers are used as a conduit to launch Trojans, but not before asking users to turn on Accessibility Services.

As an interesting feature of Octo, experts call the use of the Android MediaProjection API, with the help of which attackers gain remote control over infected devices and can capture the content of the screen in real time. Al mismo tiempo, the ultimate goal of hackers is “automatic initiation of fraudulent transactions and their authorization without the “manual” participation of the operator”, which allows criminals to carry out attacks on a large scale.

Other notable features of Octo include intercepting keystrokes, overlaying banking applications (to capture credentials), collecting contact information, and malware’s ability to bypass antivirus engines.

Octo is currently being sold on hack forums, including XSS, by an attacker using the nicknames Architect y goodluck. It is noted that although most XSS messages are written in Russian, almost all communication between the Octo developer and potential customers is in English.

Permítanme recordarles que también hablamos de Troyano bancario El troyano se dirige principalmente a usuarios brasileños y utiliza cinco extensiones maliciosas para el navegador Chrome en sus ataques. Installs Malicious Chrome Extensions, y tambien eso Anubis Los analistas de Avast dicen que algunos de los sitios que se utilizan para entregar cargas útiles son muy populares en Brasil. 400 Usuarios de aplicaciones financieras.