There is a new malware for Android banking called Octo that has remote access features that allow attackers to scam the device.

Octo is an advanced malware for Android based on ExoCompact, a malware variant based on Exo Trojan that has left the cybercrime realm, and its source code was leaked in 2018.

The new version was discovered by ThreatFabric researchers who observed several users looking to buy on darknet forums. A key new feature of Octo compared to ExoCompact is its advanced remote access module, which allows attackers to remotely control a compromised Android device and perform device fraud (ODF).

Remote actions are provided via remote access and accessibility feature via a real-time screen streaming module (updated per second) via Android MediaProjection. Octo uses a black screen overlay to hide the victim’s remote actions, sets the screen brightness to zero, and disables all messages, enabling the mode without interruption.

Malware can perform various tasks without the victim’s knowledge, pretending that the device is turned off. These tasks include tapping the screen, gestures, typing text, changing the clipboard, pasting data, and scrolling up and down. Source