Have you ever heard of malware apps and their on-device fraud (ODF) feature? Cybersecurity researchers recently learned about Octo after seeing requests for it on dark web forums. Octo, like its predecessor ExobotCompact, includes measures that frustrate reverse engineering of the malware and code that lets it hide inside an innocent-seeming app on the Google Play Store, plus the neat trick of disabling Google Play Protect once it is installed.
Octo and On-Device Fraud (ODF)
What sets Octo apart is its on-device fraud (ODF) functionality. ODF isn't new to the malware ecosystem, but it is the feature that distinguishes Octo from the rest of the Exobot family. To carry out ODF, Octo first gets the victim to grant it access to Android's Accessibility service, then abuses that access to set up what amounts to a live stream of the device's screen to the attacker's command-and-control servers, refreshed every second. It then covers the display with a black screen and silences notifications so the victim cannot see what it is up to.
It looks as though your device has been turned off, but while the screen is blank the malware is busy performing a whole host of tasks: scrolling, taps, typing, and cutting and pasting, all driven remotely by the operator. Octo also carries a keylogger that records everything the victim types into the device (PINs, social security numbers, OnlyFans messages), and it can block push notifications from specific apps and intercept or send text messages.
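As an added example (not code from the article, from ThreatFabric, or from the malware itself), here is a small static triage script in Python that checks a decoded AndroidManifest.xml for the combination of capabilities described above: an Accessibility service, SMS interception and sending, overlay windows, screen capture, and package installation. The two manifests embedded in it are constructed for illustration, and the package names, signal names and risk thresholds are assumptions of this example, not anything documented for Octo.

```python
# Added example: static triage of a decoded AndroidManifest.xml (e.g. from
# `apktool d app.apk`) for the capability set the article attributes to Octo.
# Not ThreatFabric's or Octo's code; manifests below are constructed samples.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest resembling a "cleaner" app that carries a banker payload.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fastclean">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"/>
  <application android:label="Fast Cleaner">
    <service android:name=".svc.A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".SmsRx">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed manifest for a genuine cleaner that only touches storage.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.honestclean">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Honest Cleaner">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

# Manifest permission -> capability it enables (assumed mapping for this example).
PERMISSION_SIGNALS = {
    "android.permission.RECEIVE_SMS": "sms_intercept",
    "android.permission.READ_SMS": "sms_intercept",
    "android.permission.SEND_SMS": "sms_send",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
    "android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION": "screen_capture",
    "android.permission.REQUEST_INSTALL_PACKAGES": "installs_packages",
}
ODF_CAPABILITIES = {"sms_intercept", "sms_send", "overlay", "screen_capture"}


def _a(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def triage_manifest(xml_text):
    """Return the set of capability signals declared in the manifest."""
    root = ET.fromstring(xml_text)
    signals = set()
    for perm in root.iter("uses-permission"):
        name = _a(perm, "name")
        if name in PERMISSION_SIGNALS:
            signals.add(PERMISSION_SIGNALS[name])
    # An Accessibility service shows up either via the BIND_ permission on the
    # <service> or via its intent-filter action; real manifests vary, so check both.
    for svc in root.iter("service"):
        if _a(svc, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            signals.add("accessibility_service")
        for action in svc.iter("action"):
            if _a(action, "name") == "android.accessibilityservice.AccessibilityService":
                signals.add("accessibility_service")
    # A broadcast receiver for SMS_RECEIVED is the classic OTP-interception setup.
    for recv in root.iter("receiver"):
        for action in recv.iter("action"):
            if _a(action, "name") == "android.provider.Telephony.SMS_RECEIVED":
                signals.add("sms_receiver")
    return signals


def risk_level(signals):
    """Heuristic rating: Accessibility plus two or more ODF capabilities is high."""
    if "accessibility_service" in signals and len(signals & ODF_CAPABILITIES) >= 2:
        return "high"
    if signals & ({"accessibility_service", "installs_packages"} | ODF_CAPABILITIES):
        return "medium"
    return "low"


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        found = triage_manifest(manifest)
        print(f"{label}: {risk_level(found)} {sorted(found)}")
```

This is a triage aid, not a verdict: password managers, screen readers and automation apps legitimately declare Accessibility services, so a "high" rating only means an analyst should look at what the service actually does. Two caveats the manifest cannot resolve: screen capture via MediaProjection only leaves a manifest trace on newer Android versions that require the FOREGROUND_SERVICE_MEDIA_PROJECTION permission, so its absence is not evidence of anything, and the Play Protect disabling is performed at runtime through the Accessibility service, so it is invisible to static checks like this one.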
Evolution of Malicious Software and On-Device Fraud
Octo is an appropriate name, then, for a piece of malware with so many arms. As for campaigns already using it, ThreatFabric discovered an innocent-looking app on Google Play called "Fast Cleaner" that was actually a dropper for Octo. Droppers are legitimate-seeming shells that carry or fetch a malware payload; they may even do what they advertise, but in the end they are poison pills. According to ThreatFabric, "Fast Cleaner" was a favored dropper, having also been used to distribute malware families such as Alien and Xenomorph.
Malicious software grows more devious with each evolution, adding features like multi-factor authentication evasion, and it's easy to feel completely exposed. Vigilance is key to protecting yourself and your data: stay informed about the latest threats, keep your device updated with the latest security patches, be suspicious of any app that asks for Accessibility service access it has no plausible need for, and leave Google Play Protect enabled.