Octo Banking Trojan Lurks on the Google Play Store

Cybercriminals have once again managed to penetrate the security features of the Google Play Store, and upload malicious software there. A new malware campaign has been identified, and the payload it delivers is the Octo Banking Trojan. This malware was downloaded over 50,000 times from users, and it was typically disguised as various Android utilities.

The criminals behind the Octo Banking Trojan are abusing the dangerous malware family to steal data and credentials related to banks and financial entities. Some of the malicious applications ware Pocket Screencaster, Fast Cleaner 2021, Play Store, Pocket Screencaster, and others. If you recall installing any of these applications, you should immediately scan your Android device for malware by using a reputable security tool. Also, make sure to update the password and two-factor authentication methods of any financial services you access through your mobile device.

The Octo Banking Trojan attack is focused on Europe, but it is possible for the criminals to easily reach users in other continents as well. Once installed, Octo Banking Trojan grabs access to the 'Accessibility Service' on Android, which enables the criminals to have almost full control over the infected devices and its features.

When the payload's operators wish to execute the attack, they could interact with the user's screen in real time. This enables them to launch cleverly crafted phishing attacks, which ask the user to provide all sorts of information, including two-factor authentication codes. On top of this, Octo Banking Trojan can also intercept incoming text messages – another trick to bypass two-factor authentication. If you are an Android users who frequently accesses financial services through your device, you should make sure to enhance its security through the use of reputable security apps.

April 11, 2022