Octo Banking Android Trojan Has Been Installed 50,000 Times
ThreatFabric specialists talked about the Octo banking Android Trojan, recently discovered in the Google Play Store. The malware, which steals data from banking and other financial applications, is called Octo and has been installed more than 50,000 times.
The researchers say that Octo is a modification of another Android malware, ExobotCompact, which, in turn, is a “light” version of the well-known Exobot malware, whose source code became public in 2018. Experts say that the threat is also related to the Coper malware, which was discovered in 2021 and attacked users from Colombia, as well as European countries.
As with other banking trojans for Android, Octo hides in dropper apps whose main purpose is to deploy the payload embedded in them. A list of such applications used by several attackers to distribute Octo and Coper is given below:
- Pocket Screencaster (com.moh.screen)
- Fast Cleaner 2021 (vizeeva.fast.cleaner)
- Play Store (com.restthe71)
- Postbank Security (com.carbuildz)
- Pocket Screencaster (com.cutthousandjs)
- BAWAG PSK Security (com.frontwonder2), and
- Play Store app install (com.theseeye5).
These apps, posing as Play Store app installers, screen recorders, and financial tools, are distributed through both the official Google Play store and scam sites that warn users to urgently download a fake browser update.
Once installed, the droppers act as a conduit to launch the Trojans, but not before asking users to turn on Accessibility Services.
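A defender-side check for the dropper behaviour described above, as an added example (not code from ThreatFabric or the original article): it takes the output of `adb shell pm list packages` and `adb shell settings get secure enabled_accessibility_services`, flags the package names listed above, and raises the severity when one of them holds an enabled accessibility service. The sample inputs and the `trusted` allowlist are constructed assumptions.

```python
# Package names copied from the dropper list in the article.
DROPPER_PACKAGES = {
    "com.moh.screen", "vizeeva.fast.cleaner", "com.restthe71",
    "com.carbuildz", "com.cutthousandjs", "com.frontwonder2",
    "com.theseeye5",
}

def parse_packages(pm_output):
    """Parse `pm list packages` output (lines of the form 'package:<name>')."""
    prefix = "package:"
    return {line.strip()[len(prefix):] for line in pm_output.splitlines()
            if line.strip().startswith(prefix)}

def parse_accessibility(setting_value):
    """Parse enabled_accessibility_services: colon-separated
    'package/service' components; 'null' or empty when nothing is enabled."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def triage(pm_output, setting_value, trusted=frozenset()):
    """Return (severity, package, reason) tuples, most severe first."""
    installed = parse_packages(pm_output)
    a11y = parse_accessibility(setting_value)
    critical, high = [], []
    for pkg in sorted((installed | a11y) & DROPPER_PACKAGES):
        if pkg in a11y:
            critical.append(("critical", pkg,
                             "known dropper with accessibility service enabled"))
        else:
            high.append(("high", pkg, "known dropper package installed"))
    # Any other app holding an accessibility service deserves a manual look.
    review = [("review", pkg, "accessibility service enabled")
              for pkg in sorted(a11y - DROPPER_PACKAGES - set(trusted))]
    return critical + high + review

# Constructed sample data (not taken from a real device).
SAMPLE_PM = """package:com.android.settings
package:com.carbuildz
package:com.theseeye5
package:org.example.notes
"""
SAMPLE_A11Y = ("com.carbuildz/.Svc:"
               "com.google.android.marvin.talkback/.TalkBackService\n")

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_A11Y):
        print(*finding, sep="\t")
```

Package names are easy for an operator to rotate, so the `review` entries (any unexpected app with an accessibility service) matter as much as the exact-match hits.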
Experts single out Octo's use of the Android MediaProjection API as an interesting feature: with its help, attackers gain remote control over infected devices and can capture the content of the screen in real time. At the same time, the ultimate goal of the hackers is “automatic initiation of fraudulent transactions and their authorization without the ‘manual’ participation of the operator”, which allows criminals to carry out attacks on a large scale.
Other notable features of Octo include intercepting keystrokes, overlaying banking applications (to capture credentials), collecting contact information, and the malware’s ability to bypass antivirus engines.
Octo is currently being sold on hacking forums, including XSS, by an attacker using the nicknames Architect and goodluck. It is noted that although most messages on XSS are written in Russian, almost all communication between the Octo developer and potential customers is in English.
Let me remind you that we also reported that the Chaes banking Trojan installs malicious Chrome extensions, and that the Anubis Android banker targets users of almost 400 financial apps.