Check for this banking malware that can take control of your phone

Delete these malicious apps hiding banking malware
© Info723783 | Dreamstime.com

To try and outsmart security protections, cybercriminals will tweak older malware variants and recycle them. The recent Aberebot banking Trojan is a good example.

Similar to stripping out the parts of an old vehicle and replacing them with faster components, criminals do the same to malware. The variant might have worked well in the past, but it needs newer coding to stay ahead of security.

Unfortunately, another dangerous malware variant is rearing its ugly head. Read on to see what makes it so devastating and what you can do about it.

Here’s the backstory

With its origins as far back as 2016, security researchers uncovered an updated version of the Exobot malware family. Using elements of a previous banking Trojan, criminals launched Exobot against financial institutions in 2018, with severe consequences.

While it seems to have gone dormant for a few years, security researchers at ThreatFabric discovered Octo on a Dark Web message forum and soon connected it to Exobot. It turns out that Octo is an updated version of the ExobotCompact, already found in several Android applications in the Google Play Store.

Criminals use the Octo malicious code to steal data from mobile phones. This includes intercepting text messages, harvesting contacts, recording phone calls, logging your keystrokes and controlling your phone.

Android apps with Octo embedded have been downloaded more than 50,000 times. Cybercriminals can easily buy the malware on hacker forums, making matters worse.

The infected Android apps are:

  • Pocket Screencaster (com.moh.screen)
  • Fast Cleaner 2021 (vizeeva.fast.cleaner)
  • Play Store (com.restthe71)
  • Postbank Security (com.carbuildz)
  • Pocket Screencaster (com.cutthousandjs)
  • BAWAG PSK Security (com.frontwonder2)
  • Play Store app install (com.theseeye5)

What you can do about it

ThreatFabric sent a notification to Google as soon as the results were in. Fortunately, the apps are no longer available. But that doesn’t mean they are gone for good or removed from your phone. Here’s how to check if the apps are on your device and remove them:

  • Open your phone’s Settings app.
  • Scroll down and tap on Apps & notifications.
  • Tap on the See all apps options to view a complete list of applications on your phone.

To remove a specific app, tap on it and select Uninstall. Remove any of the apps on this list to stay protected.

How to minimize risks

It can be difficult to detect which apps are malicious, but there are a few things that you can do to minimize risks.

  • Before downloading an app, read through the reviews or comments to see if others have had problems. It would be best to steer clear of an app with a low rating.
  • Never give away more information than needed, and check which permissions an app requires. For example, there is no reason why a weather app needs your email address or telephone number. Tap or click here for ways to check app permissions.
  • If you think that an app could be malicious, don’t wait. Report it to Google or Apple immediately so that they can investigate. It is often through user reports that malware gets flagged and removed.
  • Have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

Check your phone – Antivirus apps caught spreading banking malware

Scary new malware tracks where you go and records your audio

Tags: Android, antivirus, Apple, cybercriminals, Google, malicious apps, malware, permissions, security