Android: Dangerous malware detected that steals passwords from banking applications

New malware is detected on Android. (photo: hypertext)

Android security has a new contender in the malware category: Octo, a recently discovered piece of intrusive software that can be embedded in any application from the Google Play Store to control the device at any time without the user’s knowledge.

Once the phone is infected, the attackers take control of it and steal the passwords of the various banking applications installed by the user as they are entered.

One of the great advantages of Android, the wide range of options available for installing new applications, is also a drawback: thanks to this freedom, there is a greater risk of installing software that does not serve a good purpose.

It’s something that comes up almost every week, when new malware appears. The latest one has a name: Octo.

Octo can go unnoticed as an update to an app, and once it breaks into a phone it opens the door for attackers to do whatever they want with it.

Research by security firm ThreatFabric revealed how this new malware, a type of bot, is able to infiltrate applications without being detected by the system. One of its first steps in an attack is to automatically disable Google Play Protect.

It then overlays other apps to record keystrokes, opens a window into the phone and enables remote interaction. None of this is noticeable to the user.

Octo's fraud capabilities. (photo: ThreatFabric)

Octo, the name given to the malware by its developer, is part of the Exobot family, a type of malware that has evolved since its development in 2016.

Once Octo is embedded in the applications used as lures, the malware opens a Virtual Network Computing (VNC) session with the attacker's panel to stream the screen, while using the accessibility tools to capture and simulate touches on the screen.

The Octo malware. (photo: 20 minutes)

Since Octo overlays other applications without the user noticing, an attacker can remotely observe the passwords for banking applications as they are entered.

The attacker can also track two-step verification codes sent by SMS, and view WhatsApp contacts and other private information.

ThreatFabric claims that Octo has been used in a variety of apps, some of them on Google Play, and that it aims to break the security of most banking applications, an indication of the enormous danger this malware poses.

Malware Octo steals passwords from banking apps on Android. (photo: Five days)

How to Enter Safe Mode to Delete Suspicious Spy Apps on Android

When the phone is rebooted in safe mode, all third-party applications are disabled, which lets you delete apps that otherwise could not be deleted. It should be noted that this will not work if the malware has gained root access to the system.

To start in safe mode, press the power button until the option is displayed. On some models, pressing the power button displays the option Remove, and you have to press it again until the label Safe mode appears, then tap that option.

Android Safe Mode. (photo: tusexpertosmovil.com)

Then go to Settings and open Applications. You will see a list of all downloaded apps. Check whether any of them has a strange name or is one you don’t remember downloading, and delete it.

Before doing so, do a search to find out what you are removing from the device, to avoid uninstalling a useful program whose removal could affect the device's correct functioning.

If there are suspicious apps that cannot be removed, go to Settings / Lock and Security / Other Security Settings / Device Administration. There you must disable access for the suspicious program.

If none of this works, you can resort to making a copy of all the information on the phone and performing a factory reset from the Settings menu.
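
The app review described above can also be done from a computer over adb. The following is an added example, not part of the original article: it cross-references the output of `adb shell pm list packages -3` with `adb shell settings get secure enabled_accessibility_services` to list user-installed apps that hold an enabled accessibility service, the capability Octo relies on. The sample output and all package names are constructed.

```python
# Inputs are the text printed by two standard adb commands:
#   adb shell pm list packages -3
#   adb shell settings get secure enabled_accessibility_services

# Constructed sample output; every package name here is made up.
SAMPLE_PACKAGES = "package:com.example.notes\npackage:com.example.fastcleaner\n"
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fastcleaner/com.example.fastcleaner.core.HelperService\n"
)

def parse_packages(pm_output):
    """Return the package names listed in `pm list packages` output."""
    return {
        line.split(":", 1)[1].strip()
        for line in pm_output.splitlines()
        if line.startswith("package:")
    }

def parse_accessibility(setting_value):
    """Split the colon-separated `package/class` list into (package, class) pairs."""
    value = setting_value.strip()
    if not value or value == "null":  # `settings get` prints "null" when unset
        return []
    pairs = [component.partition("/") for component in value.split(":")]
    return [(package, cls) for package, _, cls in pairs if package]

def third_party_accessibility(pm_output, setting_value):
    """Enabled accessibility services that belong to user-installed apps."""
    installed = parse_packages(pm_output)
    return sorted(
        f"{package}/{cls}"
        for package, cls in parse_accessibility(setting_value)
        if package in installed
    )

if __name__ == "__main__":
    for service in third_party_accessibility(SAMPLE_PACKAGES, SAMPLE_ACCESSIBILITY):
        print("review this app:", service)
```

Any service it lists belongs to an app the user installed; if you do not recognise it, look it up and revoke its accessibility access before uninstalling it as described above.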
