Android users are being advised to uninstall three deceptive applications that harbor malware and mimic well-known programs like Google Chrome, as they are involved in fraudulent activities.
This malware targets bank accounts and can give attackers full control of the victim's data. However, the official versions of these applications are not a threat.
The new variant of the malware is called Octo2. It is much more complex than the previous version, which is why it is almost impossible to identify. Cybersecurity researchers from ThreatFabric said Octo2 has been active in Europe.
The first version of the Octo banking trojan was discovered in April 2022. Octo2 adds capabilities including the ability to remotely lock devices, mute sounds, and launch random applications, as well as to send texts containing malware to contacts.
The most concerning feature of Octo2 is its ability to monitor both incoming and outgoing SMS messages, along with push notifications. This capability allows hackers to capture security codes sent by text and gain access to certain secure accounts.
The three applications that Android users should avoid are the malicious copies of Google Chrome, NordVPN, and Europe Enterprise, which are suspected of being used in targeted attacks. The original versions of these apps in the Google Play Store are completely safe to download and use.
Octo2 has not been identified on Google Play, and it is believed that contaminated versions of these apps are being spread through third-party markets, which users are usually warned against.
The Octo2 malware campaign is currently most concentrated in Italy, Poland, Moldova, and Hungary, but the malware has previously been used to launch attacks worldwide, including in the US, Canada, Australia, and the Middle East. Some experts have predicted that other regions may soon experience Octo2 campaigns.