Summary: K7 Labs has reported a new Android banking Trojan named OctoV2, which deceives users by masquerading as the popular Deepseek AI chatbot. The malware is distributed through phishing links that lead to fake websites mimicking the legitimate chatbot interface, leading users to download harmful APK files. Once installed, OctoV2 can siphon information by communicating with command and control servers and using complex evasion techniques.
Affected: Android devices
Keypoints :
- The Trojan exploits the likeness of the Deepseek AI chatbot to lure victims into downloading malicious software.
- Upon installation, the malware requests users to enable accessibility settings for its operations.
- The malicious app employs a Domain Generation Algorithm to dynamically generate server domains for communication, achieving resilience against takedown efforts.