New Octo2 Malware Variant Threatens Mobile Banking Security

A new, advanced variant of the Octo malware family, dubbed “Octo2,” has been uncovered, posing a heightened risk to mobile banking users worldwide.

According to ThreatFabric analysts, the Octo malware has been one of the most widespread mobile threats in recent years.

Octo2 introduces several sophisticated features aimed at improving remote access and evasion capabilities, making it more difficult for security systems to detect.

Key Features of Octo2

The primary enhancements in Octo2 focus on increasing the stability of its remote access capabilities, a key feature used in device takeover attacks.

ThreatFabric researchers noted that this variant significantly reduces latency during remote control sessions, even under poor network conditions, by optimizing data transmission.

Additionally, Octo2 integrates advanced obfuscation techniques, including a domain generation algorithm (DGA), which allows the malware to dynamically change its command-and-control (C2) server addresses, making detection more challenging.
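The DGA behaviour described above shows up on the defender's side as lookups for long, random-looking names that rotate over time. As an added example that is not part of the original article and not derived from the Octo2 sample, the following Python applies simple lexical heuristics (label length, Shannon entropy, vowel ratio, digit ratio) to a constructed DNS query log to surface DGA-like candidates. The log format, the client address and every domain in it are invented for the example; the heuristic thresholds are assumptions chosen for illustration, not published indicators.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log (hypothetical "timestamp client qname" format,
# not real Octo2 traffic). Three labels mimic random-looking DGA output; the
# rest are ordinary names, including one long legitimate label as a control.
SAMPLE_DNS_LOG = """\
2024-09-24T10:01:02Z 10.0.0.12 www.google.com
2024-09-24T10:01:05Z 10.0.0.12 nordvpn.com
2024-09-24T10:01:09Z 10.0.0.12 xk3q9vz7lw0pbd.com
2024-09-24T10:01:11Z 10.0.0.12 q8fjd2h4ml1pzx.net
2024-09-24T10:01:14Z 10.0.0.12 mail.example.org
2024-09-24T10:01:15Z 10.0.0.12 stackoverflow.com
2024-09-24T10:01:16Z 10.0.0.12 b7n4k2w9x1sd5f.com
"""

VOWELS = set("aeiou")


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def registrable_label(qname: str) -> str:
    """Second-level label of a query name, e.g. 'google' for 'www.google.com'.
    Naive on purpose: it does not know multi-part public suffixes such as 'co.uk'."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def label_features(label: str) -> dict:
    """Lexical features commonly used as weak DGA indicators."""
    n = len(label)
    return {
        "length": n,
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(ch in VOWELS for ch in label) / n if n else 0.0,
        "digit_ratio": sum(ch.isdigit() for ch in label) / n if n else 0.0,
    }


def is_dga_like(label: str) -> bool:
    """Heuristic (assumed thresholds): a long label showing at least two of
    three randomness signals. Requiring two signals keeps long but readable
    names such as 'stackoverflow' from being flagged on entropy alone."""
    f = label_features(label)
    if f["length"] < 10:
        return False
    signals = (
        f["entropy"] >= 3.5,
        f["vowel_ratio"] < 0.25,
        f["digit_ratio"] >= 0.15,
    )
    return sum(signals) >= 2


LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def flag_dga_candidates(log_text: str) -> list:
    """Return (client, qname) pairs whose registrable label looks DGA-generated."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crashing the pipeline
        qname = m.group("qname")
        if is_dga_like(registrable_label(qname)):
            hits.append((m.group("client"), qname))
    return hits


if __name__ == "__main__":
    for client, qname in flag_dga_candidates(SAMPLE_DNS_LOG):
        print(f"DGA-like lookup from {client}: {qname}")
```

Lexical checks like these are a triage signal, not a verdict: a single flagged name from a device is weak evidence, while a burst of distinct flagged names from the same client in a short window is the pattern a DGA produces and is what a detection rule should key on, ideally corroborated with NXDOMAIN rates or passive DNS age.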

Octo2 has already been deployed in targeted campaigns across several European countries, including Italy, Poland, Moldova and Hungary.

Cybercriminals have been observed disguising Octo2 as legitimate applications such as Google Chrome and NordVPN. In addition, the malware is designed to intercept push notifications from select apps, indicating that these applications are of interest to its operators.

“The emergence of this Octo2 variant represents a significant evolution in mobile malware, particularly in the context of banking security,” ThreatFabric said, commenting on the malware’s new features.

The company also noted that, given its enhanced remote access capabilities, its advanced obfuscation techniques and the widespread availability of its predecessor’s source code, Octo2 is set to remain a significant player in the mobile malware landscape, alongside the older variants derived from that leaked code.

“As this threat continues to evolve, both users and financial institutions must remain proactive, adopting stringent security measures and continuously updating defenses to mitigate the increased risk,” ThreatFabric concluded.