Android has a new entry in its malware catalogue: Octo, a newly discovered piece of intrusive software that can be embedded in any Google Play Store app to control the device at any time without the user's knowledge.
Once a phone is infected, attackers can take control of it, for example stealing the passwords for the banking applications the user has installed as they are entered.
One of the great advantages of Android is the number of options available for installing new applications, which is also a drawback: because of this freedom, there is more risk of installing software that does not have a good purpose.
New malicious programs appear almost every week. The latest one has a name: Octo.
Octo may go unnoticed as an update to an application. And if it gets into a phone, it opens the door for attackers to do whatever they want with it.
Research by security firm ThreatFabric has revealed how this new malware, a type of bot, is capable of infiltrating applications without being detected by the system. Automatically disabling Google Play Protect is one of its first attack steps.
It then overlays applications to record keystrokes, open a window on the phone and enable remote interaction. All of this happens without the user noticing.
Octo, the name the developer gave the malware, is part of the ExoBot family, a type of malware that has evolved since its development in 2016.
Once Octo is integrated into the applications used as a hook, the malware opens a VNC (Virtual Network Computing) session with the attack panel to stream the screen, while using accessibility tools to capture and simulate touches on the screen.
Because Octo overlays the rest of the applications without the user noticing, an attacker can remotely observe how the user enters passwords for banking applications.
The attacker can also track two-step verification SMS codes and view WhatsApp contacts and other private information.
ThreatFabric claims that Octo has been used in a variety of applications, some of them on Google Play, and that it aims to breach the security of most banking applications, an indication of the enormous danger this malware poses.
How to access safe mode to delete suspicious spying apps on Android
When the phone is restarted in Safe Mode, all third-party apps are disabled, which allows you to delete apps that could not otherwise be deleted. Note that this will not work if the malicious software has root access to the system.
To start in safe mode, press the shutdown button until that option appears. On some models, pressing the shutdown button brings up the Shut down option, and you have to press it again until the Safe Mode label appears and then tap that option.
Then go to Settings and open Applications. You will see a list of all the downloaded apps. Check whether there is one with a strange name or one that you don't remember downloading, and delete it.
Before doing so, you should do a search to find out what is being removed from the device and avoid uninstalling any useful program that could affect its proper functioning.
If there is a suspicious app that cannot be removed, go to Settings or Settings/Lock and Security/Other Security Settings/Device Management. There you must disable access for the suspicious program.
If none of this works, you can make a copy of all the phone's information and do a factory reset from the Settings menu.
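The manual review above can be narrowed down with a short triage script. This is an added example, not code from the article or from ThreatFabric: it cross-references user-installed packages with the accessibility and device-management grants described above, using text captured over adb from a phone with USB debugging enabled. The package names and captures are constructed, and the layout of the `dumpsys device_policy` output is an assumption that varies by Android version.

```python
import re

# Matches flattened Android component names such as com.app/.Receiver
COMPONENT = re.compile(r"([A-Za-z]\w*(?:\.\w+)+)/[\w.$]+")

def third_party(pm_output):
    """Package names from `adb shell pm list packages -3` ('package:<name>' lines)."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def accessibility_packages(setting_value):
    """Packages behind `settings get secure enabled_accessibility_services`."""
    value = setting_value.strip()
    if value in ("", "null"):          # 'null' is printed when nothing is enabled
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if "/" in c}

def admin_packages(dumpsys_output):
    """Packages of every component named in `dumpsys device_policy` output.
    Assumption: the dump layout varies by Android version, so any component
    name is collected and only user-installed packages are reported later."""
    return {m.group(1) for m in COMPONENT.finditer(dumpsys_output)}

def triage(pm_output, a11y_value, dumpsys_output):
    """User-installed packages holding accessibility or device-policy rights."""
    a11y = accessibility_packages(a11y_value)
    admins = admin_packages(dumpsys_output)
    findings = []
    for pkg in sorted(third_party(pm_output)):
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if pkg in admins:
            reasons.append("listed in device_policy dump")
        if reasons:
            findings.append((pkg, reasons))
    return findings

# Constructed sample captures (not from a real device or from the article)
PM = "package:com.example.notes\npackage:com.example.fastcleaner\npackage:com.example.screenreader\n"
A11Y = ("com.example.fastcleaner/com.example.fastcleaner.CoreService:"
        "com.example.screenreader/.ReaderService")
DPM = """Enabled Device Admins (User 0, provisioningState: 0):
  com.example.fastcleaner/.AdminReceiver:
  com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
"""

if __name__ == "__main__":
    for pkg, reasons in triage(PM, A11Y, DPM):
        print(f"{pkg}: {', '.join(reasons)}")
```

The result is a review list, not a verdict: legitimate screen readers and password managers also hold accessibility rights, so each flagged package still needs the lookup described above before it is removed.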