ABC: Dark Web’s Octo Malware and its Impact on Australian Banking.

Over the weekend of November 18th, 2023, ABC Australia reported on a series of tactics that threat actors use to harvest bank credentials and personal information from unsuspecting victims in Australia. The report identified Russia-based cyber criminals as the main culprits, ranking them among the most sophisticated malware distributors capable of such activity.

Threat actors often deceive victims by using skillfully crafted bank login pages that appear to come from a trusted and known party. These pages are so convincing that they can trick an unsuspecting victim into revealing sensitive information.

ABC Australia also shared a series of notable bank login pages mimicked by these threat actors, along with quiz questions on how users can identify these pages. We at FixitGearWare Security have answered these questions and will guide you on how to spot them.

[Image: Bogus login page 01. Image-source: ABC Australia, with FixitGearWare response]
[Image: Bogus login page 02. Image-source: ABC Australia, with FixitGearWare response]
[Image: Bogus login page 03. Image-source: ABC Australia, with FixitGearWare score]
[Image: Bogus login page 04. Image-source: ABC Australia, with FixitGearWare response]
[Image: Bogus login page 05. Image-source: ABC Australia, with FixitGearWare response]
[Image: Bogus login page 06. Image-source: ABC Australia, with FixitGearWare response]
[Image: Overall score line. Image-source: FixitGearWare score]


HOW ARE USERS TRICKED?

Threat actors often trick users, via phishing links, into entering sensitive information on what appears to be their bank's login page. Unbeknownst to the users, that information is actually sent to the threat actor’s Command-and-Control (C2) server. Researchers attribute these acts to a malware known as Octo, which is currently for sale on the dark web and has been found in the wild.

The threat group that created the Octo malware is said to identify itself as “Goodluck”.

Octo malware is known for its sophistication, which includes:

  • Recording calls from the victim’s device.
  • Harvesting sensitive information, including user contacts.
  • Evading anti-malware and anti-virus detection.
  • Bypassing multi-factor authentication.
  • Keylogger functionality through recording keystrokes and exfiltrating user text messages.

ABC Australia also disclosed a list of banks that this malware and its operators have successfully cloned. Reports indicate that the malware victimized a handful of Australians within days of its emergence. The threat actors focus on Australian citizens, considering them easy targets for their malicious activities.

[Image: List of banks targeted by the threat actors. Image-source: ABC Australia]


DEVICES THAT ARE MAJOR TARGETS:

Major devices targeted by the Octo malware include brands such as Google, HTC, and Samsung mobile phones. The malware can also hide by disguising itself as a legitimate app on the Play Store, so users do not consider the app malicious because of where it came from.

With the growing trend of the Octo Malware, it’s no surprise that threat actors are able to expand their operations using this malware by offering it as Malware As A Service (MaaS).

 

EXPERT AND RESEARCHER OPINIONS:

A few researchers from notable organizations gave their opinions on the Octo Malware.

 

Threat Fabric:

Dario Durando, a Senior Threat Analyst and representative from Threat Fabric, a Netherlands-based banking security platform, found the malware masquerading as a Google Chrome Browser software update. The backend statistics of the website showed that users in Australia downloaded the malicious software over 533 times, users in Spain downloaded it 362 times, and users in the United States of America downloaded it 64 times. However, they have since taken the counter offline.

Dario described the operation as follows:

“All of these people collaborate just as normal businesses would do. So they have subscription schemes, they have discounts, they have support channels, it’s very, very concerning,”

“Nowadays, with the predominance of mobile, criminals are deciding, well, it is the time to actually invest, research and create more mobile malware, because that’s where the money’s at.”

 

Edward Driehuis, the Vice President of fraud engineering at Threat Fabric, also added his observations, noting that the threat group spoke Russian and had clear connections to the Russian cybercrime underworld.

Speaking to ABC Australia, Driehuis stated:

“They are after your hard-earned cash,” adding that it is quite difficult to differentiate them from politically motivated groups that are run by foreign nations.

“There’s definitely more than average attention to Australia.”

“I think you can never rely on awareness to be your first and last line of defence, that would not be fair to shift responsibility to your customers,”

 

In 2022, Australia experienced a significant surge in scams, with losses exceeding $3.1 billion, an increase of over 80% compared to 2021, according to statistics from the Australian Competition and Consumer Commission. Astonishingly, phishing techniques, which trick users into revealing sensitive information such as Personally Identifiable Information (PII), accounted for over $24.6 million in losses, marking a staggering 469% increase from the previous year.

 

Consumer Action Law Centre:

Stephanie Tonkin of the Consumer Action Law Centre has voiced strong criticism of Australian banks for their inadequate protection of customers against these increasingly sophisticated scams. She views Australia as a “soft target” due to the absence of robust laws and systems to combat scams. Tonkin urges the banking sector to shoulder more responsibility, given that these scams are taking place on their platforms. She proposes that the Australian government enact laws that hold banks accountable for reimbursing scam victims, thereby encouraging banks to enhance their scam prevention and detection systems.

In an interview with ABC Australia, Stephanie stated, “The AFP are innovating and exploring further opportunities to disrupt cybercriminals, particularly through our joint operations with Australian Signals Directorate. We are coordinating national joint task forces against business email compromise, ransomware, remote access scams, and identity fraud.” An Australian Federal Police spokeswoman acknowledged the escalating cybercrime threats and highlighted ongoing efforts to disrupt cybercriminals through joint operations.

 

SECURITY TIPS FROM EXPERTS:

Security experts have also shared some valuable tips via ABC Australia to help users protect themselves from malicious actors. These include:

  • Always be vigilant about who has access to your private information; data leaks can be the source of that information.
  • If you receive a call from an unfamiliar number, it’s advisable to hang up and redial using the official contact.
  • Be skeptical of any messages you receive, even if they appear to be from people you know. They might not be who they claim to be.
  • Always remember to protect your personal details from potential scams.
  • As an Android user, you should download apps exclusively from the Google Play store.
  • Be particularly wary of apps that request accessibility services.
  • Regularly check your phone’s Settings and Accessibility page for any apps that seem suspicious.
  • Keep in mind that if your device is compromised, you might be unable to access certain settings.
  • If you suspect that your phone has been infected, it might be necessary to perform a full factory reset.
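A defender's check for the accessibility-services tips above, as an added example that is not from ABC Australia or FixitGearWare: a POSIX shell script that parses the value Android keeps in `enabled_accessibility_services` (readable from a USB-debugging-enabled phone with `adb shell settings get secure enabled_accessibility_services`) and lists every enabled service whose package is not on an allowlist you maintain. The allowlist contents and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Audit which apps hold Android accessibility access, a permission the article
# flags as a warning sign. Example code; the package allowlist is an assumption.

# Packages you know you deliberately granted accessibility to (assumed values).
ALLOWLIST="com.android.talkback com.google.android.marvin.talkback"

# Print each enabled service whose package is not allowlisted.
# $1 = value of enabled_accessibility_services: "pkg/Service:pkg/Service" ("null" or
#      empty when nothing is enabled); $2 = space-separated package allowlist.
unexpected_services() {
    list="$1"; allow="$2"
    if [ "$list" = "null" ]; then return 0; fi      # nothing enabled on the device
    echo "$list" | tr ':' '\n' | while IFS= read -r entry; do
        if [ -n "$entry" ]; then
            pkg="${entry%%/*}"                       # package name precedes the '/'
            found=0
            for a in $allow; do
                if [ "$a" = "$pkg" ]; then found=1; fi
            done
            if [ "$found" -eq 0 ]; then echo "$entry"; fi
        fi
    done
}

# Pull the live value from an attached device (needs adb and USB debugging on).
audit_device() {
    live=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
    unexpected_services "$live" "$ALLOWLIST"
}

# Constructed sample: TalkBack plus an unknown "browser update" app that also
# holds accessibility, the kind of entry the article's tip wants you to notice.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakeupdate/com.example.fakeupdate.AccService"

if [ "${1:-}" = "--live" ]; then
    audit_device
else
    unexpected_services "$SAMPLE" "$ALLOWLIST"
fi
```

Run it with `--live` against a connected phone; any line it prints is a service worth reviewing in Settings > Accessibility before deciding whether to revoke it.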

FixitGearWare Security urges you, our readers, to stay safe and vigilant! 🛡️

 

 

 

Put your comments below in the comment section on your thoughts about this.
