This virus steals bank details on your smartphone

By tracking the dark web, cyber security company Threatening cloth Found something new Bank Trojan, Named Octo. Mentioned androidThis is a newer, more advanced version Trojan horse ExobotCompact.D is an evolution of Exobot malware that was first discovered in 2016.

Like most Bank malwareKey pressures can be recorded for Octo recording Passwords And credit card numbers. That too is targeted Applications At the specific, specific bank, it will display a false page on the application that asks the victim to identify himself. Also integrates malware intercepting functions SMSYou can block notifications from specific applications or receive commands from the server.

The author can control the smartphone in real time

The main novelty, however, is that the teacher now has the opportunity to deal with it Skills Of the victim. Instead of simply stealing the data and then using it, it will perform the functions directly on the infected device and reduce the risk of detection. Actions from the device andIP address Usually, they are less likely to be flagged as suspicious by the bank or target application.

Depends on the octo function Access Service Android to perform remote actions Screenshot Per second. The author can create a script to do them automatically depending on the application, without having to interact directly with the infected device. The Trojan will display a black screen to hide its actions and disable and minimize all notifications Brightness At least.

Fake Apps on Play Store

The Trojan was distributed directly on Play through fake applications Shop Of Google, Has been downloaded more than 50,000 times. These do not include MalwareBut a block (Drop) This allows you to install the Play Store to avoid security. To install one of these apps and deceive the victims, the criminal used fake pages that told them to download the browser update on the affected sites. One of the applications mentioned, since it was removed, was Fast Cleaner (vizeeva.fast.cleaner), which was also used to install bank malware. Xenomorph. Other fraudulent applications:

• Pocket Screencaster (com.moh.screen)
• Play Store (com.restthe71)
• Postbank Security (com.carbuildz)
• Pocket Screencaster (com.cutthousandjs)
• BAWAG PSK Security (com.frontwonder2)
• Play Store Apps Installation (com.theseeye5)

Shows the limitations of this type of malware Dual recognition, Because it has access to smartphone accounts, can intercept any received message. The victim did not even realize the problem as the screen seemed to be away. The march is only a meticulous look at the installed applications.