Octo is a banking trojan terrorizing Australian Android users


In Australia, a sophisticated Android banking trojan called Octo poses a severe cyber threat. Using various distribution methods, Octo has successfully targeted hundreds of Australians across more than 15 major banks. The trojan mimics legitimate bank login fields, luring users into entering their credentials on fake pages. By submitting their details on these pages, users unknowingly hand the threat actor access to their sensitive banking information.

Octo made its debut in January 2022, with its origins attributed to a threat actor known as “Architect,” presumed to be of Russian descent. The trojan shares striking similarities with another malware, ExobotCompact, raising suspicions that Architect either rebranded or is the mastermind behind both.

The trojan has historically gained initial access through the Google Play Store or via smishing campaigns. Smishing is SMS phishing: text messages that impersonate legitimate entities in order to steal sensitive information such as login credentials or financial details. Octo’s primary targets are Android phones, including popular brands like Samsung and Google. ThreatFabric’s senior analyst, Dario Durando, uncovered an Octo campaign posing as a Google Chrome mobile browser update. This specific campaign resulted in at least 900 individuals downloading Octo. He claims that Octo is being rented out as malware-as-a-service, with individual threat actors paying to use it in their own distribution campaigns.

Octo, a stealthy Android trojan, threatens users with sophisticated banking attacks

Octo proves to be a highly complex and dangerous malware strain, using various attack methods such as intercepting text messages, harvesting contacts, and even recording calls. The trojan’s capabilities extend to keylogging, overlay attacks, and resilience against uninstallation attempts. The threat actor behind Octo’s distribution in Australia operates a sophisticated overlay attack.

Dario Durando’s findings revealed the alarming ease with which users unknowingly downloaded Octo through a fake Google Chrome mobile browser update. Once on the victim’s device, the trojan launched a banking login overlay attack, a form of phishing in which a fake login screen is displayed over the legitimate banking app; credentials submitted through the overlay went straight to the attacker. Operating discreetly in the background, Octo then proceeded to steal cookies, log keystrokes, uninstall apps, and intercept notifications, underscoring the breadth and intrusiveness of its capabilities.
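As an added illustration (not code from the article, from ThreatFabric, or from any bank’s app), the following Kotlin sketch shows the standard Android controls a banking app can use on its login screen to resist the overlay attack described above: dropping touches that arrive through another app’s window, recording when a credential field was obscured at the moment of input, and enumerating installed packages that hold the draw-over-other-apps permission. The class and function names (`OverlayDefense`, `SecureEditText`, `packagesThatCanDrawOverlays`) are hypothetical; the Android APIs they call are real.

```kotlin
import android.Manifest
import android.content.Context
import android.content.pm.PackageInfo
import android.content.pm.PackageManager
import android.os.Build
import android.util.AttributeSet
import android.view.MotionEvent
import android.widget.EditText

// Hypothetical helpers for a banking app's login screen (added example, not
// code from Octo, ThreatFabric, or any bank).
object OverlayDefense {

    /** True when the event was delivered while a window belonging to another
     *  app covered, fully or partly, the View receiving it. The framework sets
     *  these flags itself; an app only has to read them. */
    fun touchWasObscured(event: MotionEvent): Boolean {
        val fully = (event.flags and MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0
        // FLAG_WINDOW_IS_PARTIALLY_OBSCURED exists from API 29 (Android 10).
        val partly = Build.VERSION.SDK_INT >= 29 &&
            (event.flags and MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0
        return fully || partly
    }

    /** Names of installed packages that currently hold SYSTEM_ALERT_WINDOW,
     *  the permission required to draw over other apps. Caveat: on Android 11+
     *  this only sees packages visible to the caller (declare <queries> or
     *  QUERY_ALL_PACKAGES in the manifest), so an empty list is not proof of a
     *  clean device; treat the result as a risk signal, not a verdict. */
    fun packagesThatCanDrawOverlays(context: Context): List<String> {
        val pm = context.packageManager
        return pm.getInstalledPackages(PackageManager.GET_PERMISSIONS)
            .filter { holdsGrantedPermission(it, Manifest.permission.SYSTEM_ALERT_WINDOW) }
            .map { it.packageName }
    }

    private fun holdsGrantedPermission(info: PackageInfo, permission: String): Boolean {
        val names = info.requestedPermissions ?: return false
        val flags = info.requestedPermissionsFlags ?: return false
        return names.indices.any { i ->
            names[i] == permission &&
                (flags[i] and PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0
        }
    }
}

/** Credential field that refuses input delivered through an overlay and
 *  reports the attempt so the app can raise a risk signal (e.g. step-up
 *  authentication or a server-side alert). */
class SecureEditText(context: Context, attrs: AttributeSet? = null) :
    EditText(context, attrs) {

    // Called by the app to receive obscured-touch events (hypothetical hook).
    var onObscuredTouch: (() -> Unit)? = null

    init {
        // Standard View property: with this set, Android discards any
        // MotionEvent flagged as obscured before it reaches the field.
        filterTouchesWhenObscured = true
    }

    // Runs before the obscured-touch filter decides; lets the app observe
    // what the filter is about to drop without weakening the filter itself.
    override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
        if (OverlayDefense.touchWasObscured(event)) {
            onObscuredTouch?.invoke()
        }
        return super.onFilterTouchEventForSecurity(event)
    }
}
```

Usage is to declare the username and password fields as `SecureEditText` in the login layout and set `onObscuredTouch` to whatever the app uses for fraud telemetry; calling `OverlayDefense.packagesThatCanDrawOverlays(context)` at login time gives an additional device-risk input. None of this stops a user from typing into a fake screen drawn on top of the real app, which is why the touch filter is paired with a detection signal rather than relied on alone.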

Australia’s vulnerability to such cyber threats is exacerbated by a significant surge in scams. Reports show an 80% increase in 2022 compared to the previous year. Phishing alone accounted for approximately 25 million incidents. Stephanie Tonkin from the Consumer Action Law Centre highlighted the nation’s susceptibility to cyber threats, citing a lack of robust laws and systems to counteract scams.