Android users need to be on the lookout for another piece of malware doing the rounds. This time it’s a nasty piece called Octo, which is designed to allow criminals to take remote control of your phone and perform some on-device fraud.
Octo is an evolved Android malware, based on the ExoCompact, which itself is based on the Exo trojan. Octo was discovered by researchers at ThreatFabric, after noticing users looking to purchase it on the darknet.
The main problem is Octo has advanced remote access abilities, which is provided by a live streaming module. That exploits Android’s MediaProjection and remote actions through the operating system’s Accessibility Service.
The malware hides its nefarious activities by using a black screen overlay, setting brightness to zero and activating a “no interruption” mode to disable notifications. To the phone’s owner, it appears as though the phone is switched off, letting criminals exploit your phone and the information within.
On top of this, Octo also features a keylogger, alongside a number of scary abilities including blocking push notifications, intercepting SMS messages, disabling sound, locking the home screen, launching applications, starting remote access sessions, and sending SMS messages to specific phone numbers.
ThreatFabric notes that Octo is generally sold on forums by a threat-actor using the alias “Architect” or “goodluck”. Given the similarities to Octo and ExoCompact, including its success disabling the Google Protect function on the Play Store, the researchers believe Octo may be a rebranded version of ExoCompact.
There are multiple ways for an Android device to be exposed to Octo. The main one involves the malware masquerading as a legitimate app on Google Play, while other campaigns rely on fake browser plugin updates or bogus update warnings. Apps known to contain Octo include:
- Pocket Screencaster (com.moh.screen)
- Fast Cleaner 2021 (vizeeva.fast.cleaner)
- Play Store (com.restthe71)
- Postbank Security (com.carbuildz)
- Pocket Screencaster (com.cutthousandjs)
- BAWAG PSK Security (com.frontwonder2)
- Play Store app install (com.theseeye5)
What to do
The only way to stay safe from Octo, and other malicious Android apps, is to be vigilant about what you install. Because once it’s on your phone, anything that appears on your screen is accessible by whichever criminal is responsible for putting Octo there in the first place.
So keep the number of apps on your phone to a minimum and only install apps from trusted sources — even if the app comes from Google Play. Since malware can bypass Google’s Play Protect, the only real security you have is from constant vigilance.
You should also regularly check that Play Protect is activated, since it does a lot to keep your phone safe. Tap your profile icon next to the search bar and select Play Protect, followed by the Gear icon in the top right and make sure Scan apps with Play Protect and Improve harmful app detection are toggled on.
Lastly, we would suggest that you install one of the best Android antivirus apps to help scan your device for potential malware.