Octo2 Malware Spreads via Fake NordVPN and Chrome Apps, Targeting Mobile Banking Users

A new variant of the Octo Android trojan malware, dubbed “Octo2,” has been spreading through malicious versions of popular apps like NordVPN and Google Chrome, according to a report from cybersecurity firm ThreatFabric. Once installed, victims are misled by a deceptive pop-up message that prompts them to click “confirm” and adjust their Android device settings to install a “necessary plugin.” In reality, this process tricks users into bypassing security measures and installing the Octo2 malware.

The attackers employed a dark web tool known as “Zombinder,” a dropper designed to conceal malware within legitimate apps on Android devices. Researchers have discovered that Octo2 is capable of circumventing Android 13’s security features.

This malware is primarily used to steal funds from victims via mobile banking by intercepting sensitive data and enabling remote takeover attacks. Attackers can take control of the victim’s phone to execute banking transactions, and Octo2 also sends screenshots of the device back to the cybercriminals, optimizing image quality even with poor internet connectivity. Unlike earlier versions, Octo2 includes enhanced features to avoid detection.

While Octo2 was initially detected in Europe, previous versions of the Octo malware have been discovered on devices in the U.S., Canada, the Middle East, Asia, and Oceania.
