European Banks Already Under Attack by New Malware Variant

Sept. 26, 2024, 1:39 p.m.

Description

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation techniques, and a Domain Generation Algorithm (DGA) for communication with command and control servers. Initial campaigns have been observed in Italy, Poland, Moldova, and Hungary, targeting banking applications. The malware's developers have focused on enhancing stability for Device Takeover attacks and implementing advanced anti-detection measures. With the original Octo source code leaked, Octo2 represents an escalation in the mobile threat landscape, posing increased risks to mobile banking security worldwide.

Date

Published: Sept. 25, 2024, 12:54 p.m.
Created: Sept. 25, 2024, 12:54 p.m.
Modified: Sept. 26, 2024, 1:39 p.m.

Attack Patterns

Octo2

Architect

T1552

Additional Information

Finance