3.9k Share this

Billions of Android users across the globe have been warned of a scary new attack which happens when you least expect it.

Hackers have found a way to scam people when they think their phone is switched off.

In actual fact, the cyber crooks have added a fake black screen to hide what they’re up to underneath.

They even remotely set the brightness to zero and disable notifications, so victims don’t get suspicious.

This means they can go and do what they like on your phone without you knowing anything is going on.

The malware lets them tap, write, copy and modify what they see as if they were holding the phone in their hands.

Even more worrying, it is also capable of monitoring your own actions, which comes in particularly useful for getting hold of sensitive PINs and passwords.

It’s a form of on-device fraud and banking malware called Octo.

And according to experts, it has already appeared in the wild.

Threat Fabric found it available on the dark web, where some of the worst net criminals lurk.

Most of them use fake web browser or Google Play Store app update notices on the internet to get people to download the malware.

And an app called Fast Cleaner, which had 50,000 installs, was also found to contain Octo.

Apps that don't keep up with the times can become buggy and filled with security flaws, which hackers love to take advantage of.
Apps that don’t keep up with the times can become buggy and filled with security flaws, which hackers love to take advantage of.
NurPhoto via Getty Images

It was removed from the Play Store in February.

Octo is actually a variant of a nasty trojan called ExobotCompact that was around in 2018.

“ExobotCompact/Octo has dangerous capabilities, powered by inventive distribution schemes including droppers on official Google Play store and malicious landing pages,” Threat Fabric said.

“Thus, customers are very likely to fall into installing the malware on their devices, allowing the actors to have remote access to their devices and therefore to their banking accounts.”

This story originally appeared on The Sun and was reproduced here with permission.

Source: NYPOST

3.9k Share this
You May Also Like
Tyson the bison found safe

Tyson the bison found safe

CHICAGO (CBS)– Tyson the bison is back safe after escaping several weeks…
Father of Kaitlin Armstrong, Texas yoga instructor wanted for love triangle murder of cyclist Anna Moriah Wilson, speaks out

Father of Kaitlin Armstrong, Texas yoga instructor wanted for love triangle murder of cyclist Anna Moriah Wilson, speaks out

AUSTIN, Texas — The father of Kaitlin Marie Armstrong, the woman suspected…

Sue Gray: Karaoke, fighting, and partying until 4am on the eve of Prince Philip’s funeral

Downing Street staff drank, fought and vomited their way through lockdown, knowingly…

DPS Reveals Uvalde Shooter Entered Thru Unlocked Door; No Armed School Officer

The Texas Department of Public Safety (DPS) revealed Thursday that the gunman who…

Charles steps out for a visit to a Ukrainian refugee centre

The Prince of Wales has spoken out about the ‘nightmare situation’ in…

Mother-of-three posts photos of her flat stomach at eight-months pregnant

Mother-of-three reveals it IS possible to hide a pregnancy as she shows…

Holy Grail’ of Ford Capris: RS3100 may sell for record £60k

A one-of-a-kind Ford Capri dubbed the ‘Holy Grail’ with just one careful…

Kent town council bosses forced to take down bunting put up to celebrate Queen’s Platinum Jubilee

Town hall chiefs have been forced to take down patriotic bunting ahead…