Android: dangerous malware detected that steals passwords from banking applications

A new malware is detected on Android. (photo: hypertextual)

Android's security landscape adds a new entry to its malware category: Octo, a newly discovered intrusive program that can embed itself in any application from the Google Play Store to control the device at any time without the user's knowledge.

Once a phone is infected, the attackers take control of it and steal the passwords of the banking applications the user has installed as they are entered.

One of the great advantages of Android is the number of options available when installing new applications, which is also a drawback: because of this freedom, there is more risk of installing software that has no good purpose.

It happens almost every week as new malware appears. The latest one has a name: Octo.

Malware is invisible, self-contained, hard to detect and remove

Octo can go unnoticed as an update in an app. And breaking into a phone opens the door for attackers to do whatever they want with it.

Research by security firm Threat Fabric has revealed how this new malware, a type of bot, is able to infiltrate applications without being detected by the system. Automatically disabling Google Play Protect is one of its first attack measures.

It then overlays apps to log keystrokes, opens a window on the phone, and enables remote interaction, all without the user being able to notice.

Octo fraud capabilities.  (photo: Threat Fabric)

Octo, the name given to the malware by the developer, is part of the ExoBot family, a type of malware that has evolved since its development in 2016.

With Octo integrated into the applications used as a hook, the malware opens a VNC (Virtual Network Computing) session with the attack panel to stream the screen, while using accessibility tools to capture and simulate touches on the panel.

Malware Octo.  (photo: 20Minutes)

Because Octo overlays other applications without the user noticing, an attacker can remotely observe how the user enters passwords for banking applications.

The attacker can also track SMS two-step verification codes, view contacts from WhatsApp and other private information.

Threat Fabric claims that Octo has been exploited in a variety of apps, some on Google Play. It aims to break the security of most banking applications, an indication of the enormous danger of this malware.

Malware Octo steals passwords from banking apps on Android.  (photo: Five Days)

How to access safe mode to delete suspicious spy apps on Android

When the phone is restarted in Safe Mode, all third-party applications are disabled, which allows you to delete apps that otherwise could not be deleted. Note that this will not work if the malware has root access to the system.

To start in Safe Mode, press and hold the power button until that option appears. On some models, pressing the power button shows the Power off option, and you have to press it again until the Safe Mode label appears, then tap that option.

Android safe mode.  (photo:

Then go to Settings and open Applications. You will see a list of all the downloaded apps. Check whether any has a strange name or is one you don't remember downloading, and delete it.

Before doing so, search for the app to know what is being removed from the device and avoid uninstalling a useful program whose removal could affect the phone's proper functioning.

If a suspicious app cannot be removed, go to Settings/Lock and Security/Other security settings/Device administration. There, disable the suspicious program's access.

If none of this works, you can make a copy of all the information on the phone and perform a factory reset from the Settings menu.
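
The manual review above can be complemented by checking which downloaded apps hold an enabled accessibility service, the capability the article says Octo uses to capture and simulate touches. The following is an added example, not code from the article or from Threat Fabric; it assumes a computer with adb and USB debugging enabled on the phone, and the package names and sample outputs are constructed.

```python
"""Flag third-party Android apps that hold an enabled accessibility service.

Inputs are the text outputs of two commands (assumption: adb is available):
    adb shell pm list packages -3
    adb shell settings get secure enabled_accessibility_services
"""

def third_party_packages(pm_output: str) -> set[str]:
    """Parse 'package:<name>' lines into a set of package names."""
    pkgs = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            pkgs.add(line[len("package:"):])
    return pkgs

def accessibility_services(setting_value: str) -> list[tuple[str, str]]:
    """Parse the colon-separated 'pkg/service' list; 'null' or empty means none."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    services = []
    for component in value.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg and cls:
            # A leading dot is shorthand for "<package name> + class suffix".
            services.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return services

def suspicious(pm_output: str, setting_value: str, allowlist=frozenset()):
    """Third-party apps with an enabled accessibility service, minus known-good ones."""
    installed = third_party_packages(pm_output)
    return [(p, s) for p, s in accessibility_services(setting_value)
            if p in installed and p not in allowlist]

# Constructed sample outputs (hypothetical package names, not real indicators).
SAMPLE_PM = ("package:com.example.notes\n"
             "package:com.example.fastcleaner\n"
             "package:com.example.bank\n")
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.fastcleaner/com.example.fastcleaner.core.HelperService")

if __name__ == "__main__":
    for pkg, svc in suspicious(SAMPLE_PM, SAMPLE_A11Y):
        print(f"review: {pkg} has accessibility service {svc} enabled")
```

An app flagged here is not necessarily malicious; password managers and screen readers installed by the user legitimately use accessibility services and can be passed in the allowlist.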

