This malware is so dangerous that it is even capable of bypassing multi-factor authentication in apps.
One of the peculiarities of new-generation malware is that it can evolve and adapt to new security protections. One of the best-known banking Trojans, Exobot, discovered in 2016, has been evolving in recent years, and a very dangerous latest version has now been found.
Security researchers have discovered a new version of Exobot, now called Octo, which has even more deceptive features, such as one that keeps all of its fraudulent activity hidden so the user does not notice it.
As reported by BleepingComputer, security researchers at ThreatFabric explain that this Trojan has some advanced features, such as its use of encryption, which makes it easy to hide inside an innocent-looking app, and even a clever trick to disable Google Protect when the app is downloaded.
What makes this malware very dangerous is its on-device fraud (ODF) functionality. To do this, it works through the accessibility service and sets up what amounts to a live stream from the compromised phone to the attacker's command and control servers, updated every second.
It uses a black screen and disables notifications to hide what it is doing. This way the compromised device looks as if it is turned off, but it is actually working in the background, performing a series of tasks such as scrolling, tapping, texting, or cutting and pasting, among others.
This malware also includes a keylogger that tracks everything the user types in order to capture login credentials, and it is even capable of unblocking push notifications from specific apps and intercepting or sending text messages.
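The capabilities described above (accessibility-service control plus SMS interception and sending) leave traces in an app's manifest, so a defender can triage a decoded `AndroidManifest.xml` for that combination. The following is an added example, not code from the article or from ThreatFabric; the sample manifests and package names are constructed, and the review rule is a heuristic assumed for this example, not a published Octo indicator.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
NOTIF = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
SMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
       "android.permission.SEND_SMS"}

def audit_manifest(manifest_xml):
    """Return the sensitive capabilities a decoded AndroidManifest.xml declares."""
    root = ET.fromstring(manifest_xml)
    # Services the system may bind to as accessibility / notification listeners.
    services = {s.get(ANDROID + "permission") for s in root.iter("service")}
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    caps = sorted((services & {A11Y, NOTIF}) | (requested & SMS))
    # Heuristic (assumption of this example): accessibility control combined
    # with SMS access is the pairing to escalate for manual review.
    review = A11Y in caps and bool(requested & SMS)
    return {"package": root.get("package"), "capabilities": caps, "review": review}

# Constructed sample manifests (package names are made up).
CLEANER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

READER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.reader">
  <application>
    <service android:name=".Speak"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for sample in (CLEANER, READER):
        print(audit_manifest(sample))
```

An accessibility service on its own is not flagged, since legitimate screen readers declare one; the example escalates only when a utility-style app also asks for SMS access.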
It seems that Octo has snuck into several apps on the Google Play Store, and one of them was called “Fast Cleaner”, a generically named app that did its job, but also included this Trojan.
That is why, when you download applications from the Google Play Store, you should make sure that the application is very popular and that it comes from a renowned developer company, and do not forget to read the latest reviews.