New ‘Octo’ malware tricks Android users into giving up bank details

Netsafe says it’s not aware of New Zealanders being tricked into giving up their bank details by a sophisticated new malware but it is possible they have without realising.

The ABC reported that Russian cyber criminals have targeted hundreds of bank customers across the Tasman with a malware called Octo.

The scam tricks Android phone users into sharing their banking information using fake log-in screens.

Netsafe’s chief online safety officer Sean Lyons said it was a “pretty nasty piece of malware”, as it not only attacked people’s bank accounts but shut down their phones, leaving them helpless to act.

Customers from 15 banks in Australia, including ANZ and Westpac, had fallen for the scam.

Australian consumer advocates had warned the nation was seen as a soft target.

But Lyons says that was misleading, as anyone could be a victim of cyber crime.

“The technology is ever changing, the technology is using the mechanisms that are out there, to become ever more sophisticated, to evolve, and to get past the tips and tricks that we have to stop ourselves falling for these,” he said.

“I don’t know that they’re necessarily looking for an age demographic …. really, they’re targeting people with bank accounts and that’s quite a lot of us.”

Octo targeted Android phones – brands such as Samsung, Google and HTC – and could be hidden in what look like legitimate apps on the Google Play store.

It could also be downloaded and installed independently, because of the way software on Android phones works.

Lyons said people should be careful when downloading apps and software that were depositing Octo on their phone.

“Perhaps we could be a little more careful in what it is that we download, and look a little more closely into what permissions we’re giving to the apps that we’re installing.”