In Australia, a sophisticated Android banking Trojan called Octo poses a serious cyber threat. Using a variety of distribution methods, Octo has successfully targeted hundreds of Australians across more than 15 major banks. The Trojan mimics legitimate bank login fields, enticing users to enter their credentials on fake pages. By submitting their information, users unknowingly hand the threat actor access to their sensitive banking accounts.
Octo made its debut in January 2022, with its origin attributed to a threat actor named “Architect”, who is believed to be of Russian origin. The Trojan shares striking similarities with another malware family, ExobotCompact, leading to suspicions that Architect has either rebranded it or is the mastermind behind both.
Trojans have historically gained initial access through the Google Play Store or through smishing campaigns. Smishing is the practice of sending SMS phishing messages that impersonate legitimate entities; it is a cyber attack aimed at stealing sensitive information such as login credentials or financial details. Octo’s primary target is Android phones, including popular brands like Samsung and Google. Dario Durando, senior analyst at ThreatFabric, revealed a malicious Octo campaign posing as a Google Chrome mobile browser update. This specific campaign resulted in at least 900 individuals downloading Octo. ThreatFabric reports that Octo is being rented out as malware-as-a-service, with individual threat actors using it to run their own distribution campaigns.
Octo, a stealthy Android Trojan, threatens users with sophisticated banking attacks
Octo proves to be a highly complex and dangerous malware strain, using various attack methods such as intercepting text messages, collecting contacts, and even recording calls. The Trojan’s capabilities extend to keylogging, overlay attacks, and resilience against uninstallation attempts. The threat actor behind the distribution of Octo in Australia conducts a sophisticated overlay attack.
Dario Durando’s findings shockingly revealed that users unknowingly downloaded Octo through a fake Google Chrome mobile browser update. After gaining access to the victim’s device, the Trojan executed a banking login overlay attack, which is a form of phishing. Once the victim submitted the fake form, the attack captured the user’s login credentials. Working discreetly in the background, Octo also stole cookies, logged keystrokes, uninstalled apps, and intercepted notifications, underscoring Octo’s broad and intrusive capabilities.
Australia’s vulnerability to such cyber threats has been further heightened by a significant increase in scams. The report shows an increase of 80% in 2022 compared with the previous year. Phishing alone resulted in approximately 25 million incidents. Stephanie Tonkin of the Consumer Action Law Centre highlighted the country’s vulnerability to cyber threats, citing a lack of strong laws and systems to combat scams.