A new version of the Octo Android malware, called Octo2, has been detected spreading in Europe disguised as NordVPN, Google Chrome, and an app called Europe Enterprise. Octo2 has improved stability, evasion capabilities, and a new C2 domain system. The malware is not yet on Google Play, but its spread is expected to increase.
So how does it spread?