Skip to content

Hide Navigation Hide TOC

Coper (014585c6-39a6-4d72-a90e-dcffcb77ddd3)

Octo, also known as Coper or ExobotCompact, is an Android banking Trojan that evolved from the Exobot malware family, first observed in 2016. Initially based on the Marcher Trojan, Exobot targeted financial institutions globally until 2018, when a lighter version, ExobotCompact, emerged. By 2021, a new variant appeared, named Coper by some antivirus vendors, but later renamed as Octo — a rebranded and enhanced ExobotCompact. In 2024, Octo2, an even more advanced iteration, was released, driven partly by the leak of Octo’s source code. The Malware-as-a-Service (MaaS) model makes Octo accessible to even novice cybercriminals.

Cluster A Galaxy A Cluster B Galaxy B Level
Coper (014585c6-39a6-4d72-a90e-dcffcb77ddd3) Android ExoBot (c9f2b058-6c22-462a-a20a-fca933a597dd) Malpedia 1
Coper (014585c6-39a6-4d72-a90e-dcffcb77ddd3) Android ExoBot (18291752-7340-4478-8347-63e402429a42) Android 1
Coper (014585c6-39a6-4d72-a90e-dcffcb77ddd3) Android Coper (70973ef7-e031-468f-9420-d8aa4eb7543a) Malpedia 1
ExoBot (c9f2b058-6c22-462a-a20a-fca933a597dd) Malpedia ExoBot (18291752-7340-4478-8347-63e402429a42) Android 2
ExoBot (18291752-7340-4478-8347-63e402429a42) Android Coper (70973ef7-e031-468f-9420-d8aa4eb7543a) Malpedia 2