Fake apps are one of the main tools hackers use to gain access to millions of mobile devices around the world. Today we look at a Trojan that disguises itself as such apps. The botnet, named Octo, was first mentioned on dark web forums in January 2022.

This Trojan was found to be closely connected to ExobotCompact, a Trojan that was used in numerous attacks on financial institutions in Australia, France, Germany, Japan, Thailand and Turkey, and remained active for a long time.

The most important new feature of this threat is a remote access capability that allows operators to perform on-device fraud (ODF) on the victim’s device without being noticed. It can also track all actions on the infected device, so the device can be monitored without the victim noticing.

ODF is the most dangerous, risky and discreet type of fraud, where transactions are initiated from the same device the victim uses every day. In this case, anti-fraud engines are challenged to identify fraudulent activity with significantly fewer suspicious indicators compared to other types of fraud conducted through different channels.

To hide its malicious activities, the malware uses one option to display a black screen overlay and another to disable all notifications. At the same time, based on the commands received, the malware can perform gestures and clicks, perform specific actions, set the clipboard text, and paste the clipboard content.

The malware is known to cause millions of dollars' worth of damage by accessing the bank accounts of individuals and businesses. To avoid mobile attacks, download applications only from trusted sources. It is also important to be careful when deciding what data applications will be allowed to access.
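As an added example (not code from the original article or from any vendor), the following script triages a decoded AndroidManifest.xml for permissions that can enable the behaviours described above: screen overlays, notification suppression, and automated gestures and clicks. The permission-to-capability mapping, the `needs_review` heuristic and the sample manifests are assumptions made for this example, not a statement of what Octo itself requests.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Assumed mapping made for this example (not taken from the article):
# Android permissions that can enable the behaviours the article lists.
REQUESTED = {"android.permission.SYSTEM_ALERT_WINDOW": "draw an overlay over other apps"}
SERVICE_BOUND = {
    ACCESSIBILITY: "perform gestures and clicks, read the screen",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "read and dismiss notifications",
}

def audit_manifest(xml_text):
    """Return sorted (permission, capability) pairs found in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    hits = set()
    for el in root.iter("uses-permission"):      # permissions the app requests
        name = el.get(NS + "name")
        if name in REQUESTED:
            hits.add((name, REQUESTED[name]))
    for el in root.iter("service"):              # services the system binds to
        perm = el.get(NS + "permission")
        if perm in SERVICE_BOUND:
            hits.add((perm, SERVICE_BOUND[perm]))
    return sorted(hits)

def needs_review(xml_text):
    """Triage heuristic (assumption): accessibility service plus one more capability."""
    perms = {p for p, _ in audit_manifest(xml_text)}
    return ACCESSIBILITY in perms and len(perms) >= 2

# Constructed sample manifests (package names are made up).
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fastcleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".A" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".N" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".Sync"/></application>
</manifest>"""

if __name__ == "__main__":
    for label, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, needs_review(doc), audit_manifest(doc))
```

Legitimate apps such as screen readers also declare an accessibility service, so a hit is a prompt for manual review rather than a verdict.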

Knowledge-based measures aside, a strong and reliable cyber intelligence system strengthens your security posture, so it can be a good idea.

