
A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities.

The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called ExobotCompact, which, in turn, is a “lite” replacement for its Exobot predecessor, Dutch mobile security firm ThreatFabric said in a report shared with The Hacker News.

Exobot is also said to have likely paved the way for a separate descendant called Coper, which was initially discovered targeting Colombian users around July 2021, with newer infections targeting Android users in different European countries.

“Coper malware apps are modular in design and include a multi-stage infection method and many defensive tactics to survive removal attempts,” cybersecurity company Cyble noted in an analysis of the malware last month.

Like other Android banking trojans, the rogue apps are nothing more than droppers, whose primary function is to deploy the malicious payload embedded within them. The list of Octo and Coper droppers used by multiple threat actors is below –

  • Pocket Screencaster (com.moh.screen)
  • Fast Cleaner 2021 (vizeeva.fast.cleaner)
  • Play Store (com.restthe71)
  • Postbank Security (com.carbuildz)
  • Pocket Screencaster (com.cutthousandjs)
  • BAWAG PSK Security (com.frontwonder2), and
  • Play Store app install (com.theseeye5)
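
A triage check built from the dropper list above, as an added example that is not part of the original article: it scans a device app inventory for the listed package names and also flags apps labelled "Play Store" whose package is not the genuine `com.android.vending`. The `package:` lines match `adb shell pm list packages` output; the tab-separated `label<TAB>package` inventory format, the lookalike heuristic and the sample inventory are assumptions made for this example.

```python
# Package IDs and app names of the Octo/Coper droppers, copied from the list above.
DROPPER_PACKAGES = {
    "com.moh.screen": "Pocket Screencaster",
    "vizeeva.fast.cleaner": "Fast Cleaner 2021",
    "com.restthe71": "Play Store",
    "com.carbuildz": "Postbank Security",
    "com.cutthousandjs": "Pocket Screencaster",
    "com.frontwonder2": "BAWAG PSK Security",
    "com.theseeye5": "Play Store app install",
}
GENUINE_PLAY_STORE = "com.android.vending"  # the real Google Play Store package


def parse_inventory(text):
    """Yield (label, package) pairs from two line formats:
    'package:<id>' (adb `pm list packages`) and 'label<TAB>id' (assumed MDM export)."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("package:"):
            yield None, line[len("package:"):].strip()
        elif "\t" in line:
            label, pkg = line.rsplit("\t", 1)
            yield label.strip(), pkg.strip()


def triage(text):
    """Return (package, reason, detail) findings for one device inventory."""
    findings = []
    for label, pkg in parse_inventory(text):
        if pkg in DROPPER_PACKAGES:
            findings.append((pkg, "known-dropper", DROPPER_PACKAGES[pkg]))
        # Heuristic (assumption): a "Play Store" label on any other package is suspect.
        elif label and label.lower().startswith("play store") and pkg != GENUINE_PLAY_STORE:
            findings.append((pkg, "play-store-lookalike", label))
    return findings


# Constructed sample inventory; com.example.* entries are made up for illustration.
SAMPLE = """\
package:com.android.vending
package:com.moh.screen
package:com.example.notes
Play Store\tcom.example.updater9
Postbank Security\tcom.carbuildz
Google Play Store\tcom.android.vending
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```

A package-name match only covers the droppers named in this report; the label check is a weak signal that needs manual confirmation before any action is taken on a device.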
