This virus steals your bank details on your smartphone


By monitoring the dark web, the cybersecurity company ThreatSubstance discovered the existence of a new banking trojan, christened Octo. Specific to Android, it is a new, more advanced version of the trojan horse ExobotCompact.D, itself an evolution of the Exobot malware first discovered in 2016.

Like most banking malware, Octo can record keystrokes to capture passwords and credit card numbers. It also targets specific apps, banking apps in particular, where it displays a fake page over the application asking the victim to identify themselves. The malware also integrates functions to intercept and transmit text messages, block notifications from specific apps, or even receive commands from a server.

The author can control the smartphone in real time

The most important novelty, however, is that the author now has the option to take control of the victim's smartphone. Not only can the author steal the data and use it later, but operations can also be performed directly on the infected device, reducing the risk of detection. Operations carried out from the victim's usual device and IP address are less likely to be flagged as suspicious by the bank or the targeted application.

Octo relies on Android's Accessibility Service to perform remote actions (clicking, scrolling, pasting text…), and on the MediaProjection function to stream the screen at a rate of one screenshot per second. The author could even create a script to run these actions automatically, depending on the application, without interacting directly with the infected device. The trojan can also display a black screen to hide its actions, mute all notifications, and set the brightness to the minimum.

Fake Apps in Play Store

The trojan was distributed directly on the Play Store by Google via fake apps, which have been downloaded more than 50,000 times. These apps do not contain the malware itself, only a module (a dropper) that installs it, in order to bypass the Play Store's security. To trick victims into installing one of these apps, the author used fake pages on infected sites that ask the visitor to download a browser update. One of the applications mentioned, and since removed, is Fast Cleaner, which was also used to install the banking malware Xenomorph. Other scam apps include:

  • Pocket Screencaster (com.moh.screen)
  • Play Store (com.restthe71)
  • Postbank Security (com.carbuildz)
  • Pocket Screencaster (com.cutthousandjs)
  • BAWAG PSK Security (com.frontwonder2)
  • Install Play Store app (com.theseeye5)

This kind of malware shows the limits of two-factor authentication, because it can access the accounts on the smartphone and intercept any message received. The victim doesn’t even notice the problem because the screen seems to stay off. The only defense is to pay close attention to the installed applications.
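One way to act on that advice, as an added example that is not part of the original article: a Python audit that parses the output of `adb shell pm list packages` and of the `enabled_accessibility_services` secure setting, flags the dropper package names listed above, and reports any app holding accessibility access that is not on an allowlist. The sample device output, the `trusted_a11y` allowlist and the `org.example.*` names are constructed for illustration.

```python
import subprocess

# Package names taken from the article's list of fake apps.
ARTICLE_DROPPERS = {
    "com.moh.screen", "com.restthe71", "com.carbuildz",
    "com.cutthousandjs", "com.frontwonder2", "com.theseeye5",
}

def parse_packages(pm_output):
    """Parse `pm list packages` output ("package:<name>" per line)."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def parse_accessibility(setting_value):
    """Parse the colon-separated `enabled_accessibility_services` value
    ("pkg/service:pkg/service") into {package: [service, ...]}."""
    services = {}
    value = setting_value.strip()
    if value in ("", "null"):  # nothing enabled
        return services
    for component in value.split(":"):
        pkg, _, svc = component.partition("/")
        services.setdefault(pkg, []).append(svc)
    return services

def audit(pm_output, a11y_value, trusted_a11y=frozenset()):
    """Return (known_droppers, unexpected_accessibility_packages)."""
    installed = parse_packages(pm_output)
    a11y = parse_accessibility(a11y_value)
    droppers = sorted(installed & ARTICLE_DROPPERS)
    unexpected = sorted(p for p in a11y if p not in trusted_a11y)
    return droppers, unexpected

def adb(*args):
    """Run an adb shell command on the connected device (needs adb on PATH)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample output, so the example runs without a device.
SAMPLE_PM = "package:com.android.chrome\npackage:com.carbuildz\npackage:org.example.notes\n"
SAMPLE_A11Y = "com.google.android.marvin.talkback/.TalkBackService:org.example.payload/.Svc"

if __name__ == "__main__":
    print(audit(SAMPLE_PM, SAMPLE_A11Y,
                trusted_a11y={"com.google.android.marvin.talkback"}))
    # On a real device: audit(adb("pm", "list", "packages"),
    #     adb("settings", "get", "secure", "enabled_accessibility_services"))
```

Because the Play Store apps are only droppers, the accessibility check matters as much as the name match: the installed payload is a separate package, and it needs that permission to drive the screen.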
