Two new Trojans infecting millions of Android devices in Europe

Not too long ago, cybersecurity researchers discovered two new Android trojans called Octo2 and Necro.

The first of these comes with enhanced capabilities to take control of devices and conduct fraudulent transactions.

Octo2

The malicious apps that contain Octo2 include ones posing as NordVPN and Google Chrome.

The new iteration of the Octo malware, identified by Dutch security firm ThreatFabric, has been spotted in European countries such as the Republic of Moldova, Italy, Hungary and Poland.

Its developers took steps to increase the stability of the remote action capabilities that device takeover attacks depend on.

Octo2 has its origins in the Exobot malware, originally detected in 2016, which later evolved into the Coper variant in 2021.

Evolution

Octo2 emerged mainly because of the leak of Octo’s source code earlier this year, which allowed other hackers to generate multiple variants of the malware.

Distribution by malicious applications and risks

Malicious Android apps that distribute it are created using a service called Zombinder.

The ability of this variant to perform invisible fraud on the device and intercept sensitive data, combined with the ease with which it can be customized by hackers, increases the risks for mobile banking users.

Recommendations for users

Experts recommend installing apps only from official sources, such as the Google Play Store, and keeping Play Protect active.

This is a tool that checks apps before installation and scans your device for harmful ones even after they’ve been downloaded and installed.

It’s enabled by default, but users should check the settings periodically to make sure it’s working as it should.

Necro Trojan

In addition to Octo2, another dangerous malware known as Necro Trojan has been discovered.

It installs adware which loads websites, thereby generating advertising revenue for the attacker.

The Trojan can also download and execute arbitrary code on the infected device.

Solutions

If you think you’ve downloaded an infected app, it’s a good idea to uninstall it immediately, then run a scan of your device with your favorite antivirus and change important passwords.

Source: www.go4it.ro