Warning: 17 Android applications containing the dangerous Octo malware have been detected. It is able to steal personal and banking data without being detected by tricking victims into believing that their smartphone is off.
Beware of the applications you download on your Android smartphone! In a new study, Trend Micro, a cybersecurity company, found several Android applications capable of stealing your personal and banking information. They can also intercept text messages and place malicious software on the device, using the Ermac, Hydra, Teabot and especially Octo malware, the last of which is particularly vicious. Check that they are not installed on your smartphone, otherwise your accounts will be hacked…
Octo: a malware that captures everything you write
Octo is a rather unusual piece of malware. Once the app is installed and various permissions are granted, it tricks victims into thinking their device is turned off by turning the brightness down to a minimum, disabling sounds and notifications, and overlaying a black screen. During this time, it takes the opportunity to carry out operations and steal credentials for accounts such as bank accounts. In its study, Trend Micro details the process used by hackers to recover user data through these applications: “Once the Octo malware is installed on the victim’s device and obtains core permissions, it will keep the device awake and register a scheduled service to collect and upload sensitive data to its server. It also uses a virtual network to record the user’s screen, including sensitive information such as banking credentials, email addresses and passwords, and PIN codes. The malware also causes the blackening of the user’s screen by turning off the backlight and turning off the sound of the device to mask malicious behavior.”
Octo is therefore able to capture everything the victim types on the device. It goes even further by retrieving the unique customer code used by banking applications, the kind entered through a randomly generated numeric keypad. The infected apps bypassed the defenses of Google Play Protect, which performs a security check on apps before they are downloaded to identify so-called “malicious” behavior. No fewer than 17 apps have recently slipped through the cracks, and while they have since been removed from the Play Store, they still pose a threat to people who have already downloaded them:
- call recorder
- VPN Rooster
- Super Cleaner
- Document Scanner
- Universal Saver Pro
- eagle photo editor
- call recorder pro+
- Extra Cleaner
- Crypto Utils
- FixCleaner
- Universal Saver Pro
- Lucky Cleaner
- Just In: Video Motion
- Document Scanner PRO
- Conquer Darkness
- Simple Cleaner
- Unicc QE Scanner
Google Play Store regularly infected
Although these applications have been neutralized, new infected applications will unfortunately take their place. To avoid being tricked, you have to pay attention to certain points when installing software. Typically, the developer accounts behind such apps feature only one app, with very short privacy policies. These are often cut-and-paste texts which, of course, never reveal the full extent of the activities the app performs. You should also never download modified or “enriched” versions of certain major applications, such as WhatsApp.
The Play Store contains many infected apps, unlike Apple, which only allows downloading App Store-approved software. Google is working to take action against piracy. Google Play Protect can detect and disable these malicious applications even after their installation, although we have seen that it does not work with this type of malware. In the next few weeks, Google will also put in place a new security policy, which includes prohibiting apps that clone icons, logos, designs, or titles from other apps. Apps will also no longer be able to show full-screen ads if they cannot be closed after 15 seconds. Ads that appear before or during the loading screen, or before the start of a new level, will also be prohibited. However, ads that are used to unlock in-game rewards will continue.