Sophisticated device hijacking and on-device fraud capabilities have been baked into the new Octo Android banking trojan variant dubbed “Octo2,” which has been leveraged in attacks against Italy, Hungary, Moldova, and Poland, according to The Hacker News.

Malicious apps masquerading as Google Chrome, Enterprise Europe, and NordVPN created with the Zombinder APK service have been used to deploy Octo2, which also featured a Domain Generation Algorithm-based command-and-control system that increased its resistance to attempted takedowns, a report from ThreatFabric revealed. Octo2’s emergence was noted by ThreatFabric researchers to have been spurred by the exposure of its source code and shift to malware-as-a-service operations earlier this year. “This variant’s ability to invisibly perform on-device fraud and intercept sensitive data, coupled with the ease with which it can be customized by different threat actors, raises the stakes for mobile banking users globally,” noted ThreatFabric.