A new online threat targeting Android users has emerged in recent campaigns. This malware is an advanced variant of the Octo Android malware, now disguising itself as popular apps like NordVPN and Google Chrome to deceive users.
New Octo Android Malware Mimics NordVPN And Others In Recent Campaign
According to a recent analysis by ThreatFabric, the new Octo2 malware is actively targeting Android users in ongoing campaigns.
Octo2 is not a completely new malware, but an advanced variant of the previously known “Octo” (ExoBotCompact) malware family. Originally appearing as “ExoBotCompact” in 2019, it evolved into “Octo” in 2022, continuing to target Android users with improved malicious capabilities.
Octo2, the latest variant, features enhanced Remote Access Trojan (RAT) stability, improved anti-analysis and anti-AV capabilities, and utilizes the Domain Generation Algorithm (DGA) for rapid C2 server name generation. It has been observed impersonating popular apps like NordVPN, Google Chrome, and “Enterprise Europe Network” to deceive users.
The primary targets of Octo2 include European countries such as Italy, Hungary, Moldova, and Poland, with researchers detecting active campaigns in these regions. There is a possibility of the malware expanding its target range in the future.
Researchers have detailed this malware variant and its recent campaigns in their report.
Users Must Stick To Downloading Official Apps Only
This attack campaign underscores the importance of downloading apps and software from official sources to avoid falling victim to impersonation tactics by threat actors. Users should always refrain from downloading apps from untrusted sources.
Official developer listings on the Google Play Store offer authentic applications, or users can opt to download apps directly from vendors’ websites if unavailable on the Play Store. This precaution ensures the download of legitimate apps and reduces malware risks.
We welcome your thoughts in the comments.