• This new Android malware impersonates VPN and browser tools, but

    From TechnologyDaily@1337:1/100 to All on Wed Sep 25 10:45:05 2024
    This new Android malware impersonates VPN and browser tools, but don't be fooled

    Date:
    Wed, 25 Sep 2024 09:34:30 +0000

    Description:
    Octo malware returns with new features, researchers are warning.

    FULL STORY ======================================================================

    A new Android malware has been spotted spreading across Europe masquerading
    as popular software and apps.

    Octo2, seemingly a successor to the wildly popular Octo trojan, was detected by cybersecurity researchers from ThreatFabric, who warned that hackers have been spreading it under the guise of popular VPN software, browsers, and more. Victims would be tricked into visiting either fake websites or risky third-party app repositories, where they would download NordVPN, Google Chrome, or an app called Europe Enterprise.

    Obviously, these apps are not working as intended, and instead infect the device with Octo2, an advanced Android trojan that grants crooks remote access capabilities, screen recording with invisibility, keylogging, different self-protection techniques, on-device fraud, SMS and notification manipulation, and more.

    Notable improvements

    Compared to the original Octo, the second version comes with a few notable improvements, including better operational stability, more advanced anti-analysis and anti-detection mechanisms, and a domain generation algorithm (DGA) system that gives threat actors more resilient C2 communication.

    Since the malware is not found on Google Play, and is not distributed through the official Android repository, it is difficult to determine exactly how many devices are infected. ThreatFabric claims that the majority of the victims are located across Europe - in Italy, Poland, Moldova, and Hungary.

    However, the original Octo was a malware-as-a-service (MaaS) platform, and its victims were found all over the world, including the US, Canada, Australia, and the Middle East. Therefore, it's safe to assume it's only a matter of time before Octo2 is spotted there, as well.

    ThreatFabric believes Octo2 is the developers' response to Octo's source code leaking earlier this year. When it happened, many threat actors used the code to create unique versions of the malware, possibly hurting the developers' sales. Therefore, Octo2 could be a way to bring them back. Allegedly, there is a special discount for Octo users, as well.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-new-android-malware-impersonates-vpn-and-browser-tools-but-don-t-be-fooled


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)