“Octo”, a new banking malware with remote access capabilities was recently found in the wild. This malware can steal your banking details, hijack your devices, and perform on-device fraud via remote access.

Octo can set the screen brightness level of devices to zero and activate “Do Not Disturb” mode, completely silencing notifications and making the victim think that their device is turned off. This makes it so the victim is unaware of what the criminals are doing, which could include searching through and downloading private data, browsing the web, using applications, and lots more.

What can Octo Android banking malware do?

This Android banking malware has the following notable capabilities:

• Monitor and track victims’ actions both on the web and offline — recording system entries such as bank passwords, email accounts, and PINs. 
• Enable SMS interception — allows hackers to reset passwords and subscribe to services on behalf of the victim.
• Block push notifications from specified applications.
• Launch specified applications.
• Start a remote access session.
• Open specified URLs.

When criminals can hijack your phone, you are susceptible to losing all your accounts, including those with 2FA enabled. Your social media and video game accounts, crypto wallet app credentials, password management app login information, and potentially all other accounts in your name.

Use Trend Micro Mobile Security to protect against malicious apps

Trend Micro Mobile Security offers complete protection against Octo and other malware hidden in apps. Its real-time Security Scan feature provides the most comprehensive anti-malware capabilities available. Download today to stay protected.