A new threat has emerged online targeting Android users in recent campaigns. The malware is an advanced variant of the previously known Octo Android malware, which now mimics popular apps like NordVPN and Google Chrome to trick users.
New Octo Android Malware Mimics NordVPN And Others In Recent Campaign
According to a recent analysis from ThreatFabric, new Octo2 malware is running active campaigns against Android users.
Specifically, Octo2 isn’t entirely a novel malware; rather, it’s the advanced variant belonging to the known “Octo” (ExoBotCompact) malware family. Octo first caught attention in 2019 as “ExoBotCompact” when it boasted the “lighter” variation of the previously known “ExoBot” Android trojan. Over the years, it continued advancing its malicious capabilities, actively targeting Android users, until 2021. The malware then briefly paused its activities, eventually re-emerging as “Octo” in 2022.
Since then, Octo has remained active in the wild, adapting further enhancements and appearing as an advanced variant, “Octo2.” It exhibits increased RAT stability with minimal latency during remote sessions, enhanced anti-analysis and anti-AV capabilities, and the use of the Domain Generation Algorithm (DGA) for swift C2 server name generation.
To trick users, the malware impersonates popular apps like NordVPN, Google Chrome, and “Enterprise Europe Network.” The current target for Octo2 includes European countries like Italy, Hungary, Moldova, and Poland, where the researchers found the malware running active campaigns. Nonetheless, they suspect that the malware may expand its target radius anytime.
The researchers have shared the details about this malware variant and its recent campaigns in their post.
Users Must Stick To Downloading Official Apps Only
This attack campaign again emphasizes the importance of downloading apps and software from official sources. Since the threat actors can impersonate any popular app at any time to lure users, users must always avoid downloading apps from untrusted sources.
Ideally, the official developer listings on the Google Play Store provide the original applications. Alternatively, users can download apps directly from the vendors’ websites in case they can’t find one on the Play Store. This way, they can ensure they download legit apps only, avoiding any malware risks.
Let us know your thoughts in the comments.