Latest Octo Malware Variant Mimics Popular Apps Like NordVPN, Chrome

A new threat has emerged online targeting Android users in recent campaigns. The malware is an advanced variant of the previously known Octo Android malware, which now mimics popular apps like NordVPN and Google Chrome to trick users.

New Octo Android Malware Mimics NordVPN And Others In Recent Campaign

According to a recent analysis from ThreatFabric, new Octo2 malware is running active campaigns against Android users.

Specifically, Octo2 isn’t entirely a novel malware; rather, it’s the advanced variant belonging to the known “Octo” (ExoBotCompact) malware family. Octo first caught attention in 2019 as “ExoBotCompact” when it boasted the “lighter” variation of the previously known “ExoBot” Android trojan. Over the years, it continued advancing its malicious capabilities, actively targeting Android users, until 2021. The malware then briefly paused its activities, eventually re-emerging as “Octo” in 2022.

Since then, Octo has remained active in the wild, adapting further enhancements and appearing as an advanced variant, “Octo2.” It exhibits increased RAT stability with minimal latency during remote sessions, enhanced anti-analysis and anti-AV capabilities, and the use of the Domain Generation Algorithm (DGA) for swift C2 server name generation.

To trick users, the malware impersonates popular apps like NordVPN, Google Chrome, and “Enterprise Europe Network.” The current target for Octo2 includes European countries like Italy, Hungary, Moldova, and Poland, where the researchers found the malware running active campaigns. Nonetheless, they suspect that the malware may expand its target radius anytime.

The researchers have shared the details about this malware variant and its recent campaigns in their post.

Users Must Stick To Downloading Official Apps Only

This attack campaign again emphasizes the importance of downloading apps and software from official sources. Since the threat actors can impersonate any popular app at any time to lure users, users must always avoid downloading apps from untrusted sources.

Ideally, the official developer listings on the Google Play Store provide the original applications. Alternatively, users can download apps directly from the vendors’ websites in case they can’t find one on the Play Store. This way, they can ensure they download legit apps only, avoiding any malware risks.

Let us know your thoughts in the comments.

Related posts

Google Cloud To Implement MFA as a Mandatory Feature

Opera Browser Vulnerability Could Allow Exploits Via Browser Extensions

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder