According to a report by The Hacker News, researchers at the security company ThreatFabric have discovered a new version of the Octo trojan named Octo2. The malware is widespread throughout Europe, in countries such as Italy, Poland, Moldova and Hungary, but can harm users with Android devices in other countries.
Octo2 is dangerous on several counts. It hides inside installers of seemingly familiar software such as the Chrome browser, it gives the attackers remote control of the device, and it lets them initiate fraudulent bank transfers from the victim's own phone, which makes the transactions harder for banks and financial institutions to distinguish from legitimate activity. It is a threat to mobile banking in general.
The original Octo was first detected in 2022 and is itself based on Exobot, a banking trojan dating from 2016. It has resurfaced now because its source code was leaked online earlier this year, and criminals have started "cooking" their own variants and improving on it.
The first of the (dangerous) developments is the "Malware as a Service" (MaaS) model: cybercriminals pay the developer a "subscription fee" to use the software and receive upgraded versions, just as in the service model for recognised, legitimate software.
The second is the use of the Zombinder service, which lets the operators bundle the malware into the installation files of well-known free apps such as the Chrome browser or popular VPN services. The trojanised installer then tells the user that an "add-on" must be installed, and from there the path to device takeover is short.
How to defend yourself? Do not enable the option to install apps from unknown (third-party) sources, and install apps only from the official stores: Google's Play Store and Samsung's Galaxy Store. Note that on Android 8 and later this is no longer a single global switch but a per-app permission ("Install unknown apps"), so check that no browser, messaging app or file manager on the device has been granted it.
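As an added example (not from the original article and not ThreatFabric's code), the following Python script turns the advice above into a check you can run against a phone reachable over adb. It parses the output of `adb shell pm list packages -3 -i` (third-party packages with their recorded installer) and lists every package whose installer is not the Play Store or the Galaxy Store. The sample output embedded in the script is constructed; the two store package names are the real ones. The installer field is an audit heuristic, not proof of origin.

```python
"""Flag third-party Android packages that did not come from an official store.

`adb shell pm list packages -3 -i` prints one line per third-party package:
    package:<name> installer=<installer package or null>
"null" means the APK was sideloaded (downloaded and installed by hand,
`adb install`, etc.). The -3 flag excludes preinstalled system apps, which
would otherwise all show installer=null and drown the report.
"""
import re

# Installer package names of the official stores named in the article.
OFFICIAL_STORES = {
    "com.android.vending": "Google Play Store",
    "com.sec.android.app.samsungapps": "Samsung Galaxy Store",
}

# Constructed sample of `pm list packages -3 -i` output; the com.example.*
# packages are hypothetical and exist only to exercise the parser.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome installer=com.android.vending
package:com.example.bank installer=com.sec.android.app.samsungapps
package:com.example.vpnfree installer=null
package:com.example.chromeupdate installer=com.google.android.packageinstaller
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S*)$")


def parse_pm_output(text):
    """Return {package: installer} parsed from `pm list packages -i` output."""
    installed = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"unrecognised pm output line: {line!r}")
        installer = match.group("installer") or "null"
        installed[match.group("pkg")] = installer
    return installed


def find_sideloaded(installed, official=OFFICIAL_STORES):
    """Return {package: installer} for packages not installed by an official store."""
    return {pkg: inst for pkg, inst in installed.items() if inst not in official}


def report(text, official=OFFICIAL_STORES):
    """Return human-readable report lines, one per package not from an official store."""
    flagged = find_sideloaded(parse_pm_output(text), official)
    if not flagged:
        return ["All third-party packages were installed by an official store."]
    lines = []
    for pkg, inst in sorted(flagged.items()):
        origin = "sideloaded (no installer recorded)" if inst == "null" else f"installed by {inst}"
        lines.append(f"CHECK {pkg}: {origin}")
    return lines


if __name__ == "__main__":
    # On a real device: adb shell pm list packages -3 -i > packages.txt
    # then pass the file contents instead of SAMPLE_PM_OUTPUT.
    for line in report(SAMPLE_PM_OUTPUT):
        print(line)
```

Anything the report flags deserves a look: a package that arrived through a browser download or with no installer at all is exactly the route a Zombinder-wrapped "Chrome" or "VPN" installer takes, and the safest response is to uninstall it and reinstall the genuine app from the store.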