Situatie
There’s a new strain of malware floating around the internet, and it’s looking to control your Android device. Once installed, “Octo,” as it’s colloquially called, can both remotely see your screen and control your device, all without you knowing.
What is Octo?
Many hackers attempt to break into your accounts from their personal devices, by phishing for your login information, as well as your MFA codes. However, Octo allows bad actors to remotely access your Android phone, in what’s called on-device fraud (ODF). ODF is extremely dangerous, since the activity isn’t happening from somewhere else in the world, but from the device your accounts and networks expect it to.
How does Octo work?
Octo takes over Android’s MediaProjection function in order to stream your smartphone’s activity remotely. While it’s not a perfect livestream (the video runs about 1 frame per second), it’s plenty fast for hackers to see what they’re doing on your device. In order to actually do anything, though, they’ll next use Octo to take over AccessibilityService.
You won’t see any of this happening, however, because Octo employs a black overlay on your screen, in addition to silencing any notifications you may receive: From your perspective, your phone appears shut off, but to hackers, it’s open season on your Android device.
From here, hackers can perform an assortment of tasks remotely on your device, including taps, gestures, entering text, pasting text, long-clicks, and scrolling, among other commands. On top of that, a hacker doesn’t even need to do these things themself: Rather, they can simply “tell” the malware what they want it to do, and the malware will perform tasks automatically. You can imagine, then, the potential scale of fraud is widened considerably, since it doesn’t require a human to sit there and go through the steps one-by-one.
How does Octo get on your Android phone?
Like many malware infections, compromised apps are a major vehicle for installation. According to ThreatFabric, the app “Fast Cleaner” was found to contain Octo in addition to other malware types, and was downloaded over 50,000 times before Google removed it from the Play Store. The app primarily targeted users of European banks, and installed Octo by convincing the users to install a “browser update.” Other affected apps include a screen recorder called “Pocket Screencaster,” as well as suite of fake banking apps designed to trick users of the real banks into downloading them.
The secret to steering clear of Octo, then, is to employ excellent cybersecurity practices on your Android device at all times. Never download an app from the Play Store without thoroughly vetting it first. While Google’s rejection system is certainly better than it used to be, compromised apps make it through all the time.
Next, be extremely wary of apps that ask you to download a separate app, or to install an update from their link, not the Play Store. Legitimate apps want you to use their app, not to follow a sketchy link to download some other app. Similarly, your apps will receive updates from the Play Store, not the app’s proprietary update site. These methods are classic malware installation tactics, and you can avoid them by simply being thoughtful about the actions you take on Android.
If you’re concerned you might have installed malware, you can use a trusted service like MalwareBytes to scan your device for malicious software. If you need to go nuclear, a factory-reset can wipe out any malware and install a fresh version of Android on your phone. As long as you are mindful about the apps and links you interact with on your devices, however, you should be well on your way to avoiding Octo and other malware like it.
Leave A Comment?