Highlights
- Octo, a sophisticated Android banking trojan, poses a severe cyber threat in Australia
- Octo shares similarities with another malware, ExobotCompact, and is attributed to a threat actor known as “Architect,” presumed to be of Russian descent
- Octo primarily targets Android phones through the Google Play Store and smishing campaigns
- Octo has capabilities such as intercepting text messages, harvesting contacts, recording calls, keylogging, overlay attacks, and resilience against uninstallation attempts
Octo: A Sophisticated Android Banking Trojan
In Australia, a severe cyber threat looms in the form of Octo, a sophisticated Android banking trojan. This malware has successfully targeted hundreds of Australians across more than 15 major banks by mimicking legitimate bank login fields to steal users’ credentials.
Origin and Distribution
Octo first appeared in January 2022 and is believed to be the work of a threat actor known as “Architect.” It shares similarities with another malware, ExobotCompact, suggesting that Architect may be the mastermind behind both. The trojan has been distributed through the Google Play Store and smishing (SMS phishing) campaigns.
Target and Attack Methods
Octo primarily targets Android phones, including popular brands like Samsung and Google. It poses as a Google Chrome mobile browser update, luring users to download it. Once installed, Octo executes banking login overlay attacks, steals cookies, logs keystrokes, uninstalls apps, and intercepts notifications, demonstrating its invasive capabilities.
Cyber Threats and Vulnerability
Australia’s vulnerability to cyber threats is further exacerbated by a significant surge in scams. Reports have shown an 80% increase in scams in 2022 compared to the previous year, with phishing alone accounting for approximately 25 million incidents. This vulnerability is attributed to a lack of robust laws and systems to counteract scams, according to Stephanie Tonkin from the Consumer Action Law Centre.