'Octo' Android malware can take over your phone — how to protect yourself

News
By last updated

Be careful what you install

Green skull on smartphone screen.
(Image credit: Shutterstock)

Android users need to be on the lookout for another piece of malware doing the rounds. This time it’s a nasty piece called Octo, which is designed to allow criminals to take remote control of your phone and perform some on-device fraud.

Octo is an evolved Android malware, based on the ExoCompact, which itself is based on the Exo trojan. Octo was discovered by researchers at ThreatFabric, after noticing users looking to purchase it on the darknet.

The main problem is Octo has advanced remote access abilities, which is provided by a live streaming module. That exploits Android’s MediaProjection and remote actions through the operating system’s Accessibility Service.

The malware hides its nefarious activities by using a black screen overlay, setting brightness to zero and activating a “no interruption” mode to disable notifications. To the phone’s owner, it appears as though the phone is switched off, letting criminals exploit your phone and the information within.

On top of this, Octo also features a keylogger, alongside a number of scary abilities including blocking push notifications, intercepting SMS messages, disabling sound, locking the home screen, launching applications, starting remote access sessions, and sending SMS messages to specific phone numbers.

ThreatFabric notes that Octo is generally sold on forums by a threat-actor using the alias “Architect” or “goodluck”. Given the similarities to Octo and ExoCompact, including its success disabling the Google Protect function on the Play Store, the researchers believe Octo may be a rebranded version of ExoCompact.

There are multiple ways for an Android device to be exposed to Octo. The main one involves the malware masquerading as a legitimate app on Google Play, while other campaigns rely on fake browser plugin updates or bogus update warnings. Apps known to contain Octo include:

  •  Pocket Screencaster (com.moh.screen) 
  •  Fast Cleaner 2021 (vizeeva.fast.cleaner) 
  •  Play Store (com.restthe71) 
  •  Postbank Security (com.carbuildz) 
  •  Pocket Screencaster (com.cutthousandjs) 
  •  BAWAG PSK Security (com.frontwonder2) 
  •  Play Store app install (com.theseeye5) 

What to do

The only way to stay safe from Octo, and other malicious Android apps, is to be vigilant about what you install. Because once it’s on your phone, anything that appears on your screen is accessible by whichever criminal is responsible for putting Octo there in the first place.

So keep the number of apps on your phone to a minimum and only install apps from trusted sources — even if the app comes from Google Play. Since malware can bypass Google’s Play Protect, the only real security you have is from constant vigilance.

You should also regularly check that Play Protect is activated, since it does a lot to keep your phone safe. Tap your profile icon next to the search bar and select Play Protect, followed by the Gear icon in the top right and make sure Scan apps with Play Protect and Improve harmful app detection are toggled on.

Lastly, we would suggest that you install one of the best Android antivirus apps to help scan your device for potential malware. 

See more Computing News
TOPICS
Tom Pritchard
Tom Pritchard
UK Phones Editor

Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.

Read more
Green skull on smartphone screen.
This Android banking trojan steals passwords to take over your accounts — and all it takes is a single text message
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Mobile malware
New malware uses infected VPN apps to take over your device — here's how to stay safe
Google Play logo on an android smartphone with corner hole punch camera
At least 5 North Korean spy apps have been found on Google Play — what you need to know
One phone with skull and crossbones on screen among several other clean-looking phones.
Malicious iPhone apps are spreading screenshot-reading malware on the Apple App Store — how to stay safe
Latest in Malware & Adware
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
Nintendo Switch 2
Nintendo Switch 2 tipster may have just leaked release month and launch plans
Disney Plus logo
Disney Plus upgrade just fixed one of my biggest problems with the home page
Tom Hiddleston as Robert Laing in "High Rise" now streaming on Netflix
5 best Netflix movies in March you haven't watched yet
iPhone 16 with Apple Intelligence logo for iOS 18.1
iOS 18.4: All the newest Apple Intelligence features coming to your iPhone
Maria Debska in "Just One Look" now streaming on Netflix
3 best Netflix shows in March you haven't watched yet
Split image featuring the Galaxy S25 Edge (left) and Galaxy S25 Ultra (right)
Samsung Galaxy S25 Edge just tipped for two Galaxy S25 Ultra-level features
More about malware adware
A hacker typing quickly on a keyboard

Hackers are using this little-known file type to drop a nasty Windows worm on vulnerable PCs — how to stay safe
Malware

1.2 million people fooled by fake MidJourney Facebook page used to spread malware — don’t fall for this
Nintendo Switch 2

Nintendo Switch 2 tipster may have just leaked release month and launch plans
See more latest
Most Popular
Nintendo Switch 2
Nintendo Switch 2 tipster may have just leaked release month and launch plans
COLUMBUS, OHIO - JANUARY 26: Amber Glenn skates in the Women's Free Skate during the U.S. Figure Skating Championships at Nationwide Arena on January 26, 2024 in Columbus, Ohio. (Photo by Matthew Stockman/Getty Images)
How to watch World Figure Skating Championships 2025: live streaming, schedule, what TV channel?
Disney Plus logo
Disney Plus upgrade just fixed one of my biggest problems with the home page
Tom Hiddleston as Robert Laing in "High Rise" now streaming on Netflix
5 best Netflix movies in March you haven't watched yet
Split image featuring the Galaxy S25 Edge (left) and Galaxy S25 Ultra (right)
Samsung Galaxy S25 Edge just tipped for two Galaxy S25 Ultra-level features
iPhone 16 with Apple Intelligence logo for iOS 18.1
iOS 18.4: All the newest Apple Intelligence features coming to your iPhone
Maria Debska in "Just One Look" now streaming on Netflix
3 best Netflix shows in March you haven't watched yet
Wolfenstein: The Old Blood
Amazon is giving away a ton of free games for its Big Spring Sale — here’s how to claim yours
Park Ji-hoon in "Park Ji-hoon" now streaming on Netflix
Netflix just added this action-packed drama ahead of season 2 — and viewers rate it 96% on Rotten Tomatoes
Dark Side of the Ring
How to watch 'Dark Side of the Ring' season 6 online — stream wrestling doc from anywhere