SpyNote is a newly discovered banking trojan on the Android operating system, capable of collecting diverse information.
According to Italian cybersecurity company Cleafy, a campaign using SpyNote has been discovered, targeting financial institutions in Europe since June 2023.
Security experts from F-Secure said that SpyNote (also known as SpyMax) is often spread through SMS phishing campaigns that trick victims into installing applications by clicking on links embedded with malicious code.
In addition to requesting access to call logs, cameras, SMS messages, and external storage, SpyNote is known for hiding its presence to avoid detection. According to the analysis, SpyNote malware can be launched through an external program.
The key point is that SpyNote looks for access permissions and then leverages them to grant itself additional permissions to record audio and phone calls, log keystrokes, and take screenshots of the phone. On further analysis, researchers said SpyNote contains functionality to counter attempts to terminate the malicious application.
It does this by registering a broadcast receiver class, which is designed to restart the program automatically whenever it is shut down. Attempts to uninstall the malicious app by going to Settings are prevented: the app closes the screen using accessibility APIs.
F-Secure says the difficulty SpyNote causes on the device ultimately leaves victims with the option of performing a factory reset, which results in the loss of all data. The announcement came from a Finnish cybersecurity company, which detailed an Android application masquerading as an operating system update to lure victims into granting access to accessibility services, thereby stealing banking data and SMS messages.
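The traits described above (the permission set, an accessibility service, and a broadcast receiver) can be checked together in a decoded `AndroidManifest.xml`. The following Python check is an added example, not code from Cleafy or F-Secure; the function name `triage_manifest`, the sample package and component names, and the three-permission threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Permissions matching what the article says SpyNote requests or grants itself.
WATCHED = {
    "android.permission.READ_CALL_LOG",
    "android.permission.CAMERA",
    "android.permission.READ_SMS",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.RECORD_AUDIO",
}

# Constructed sample manifest (decoded text form), not taken from a real sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.osupdate">
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <service android:name=".UpdateHelper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".RestartReceiver"/>
  </application>
</manifest>
"""

def triage_manifest(xml_text, min_permissions=3):
    """Flag a manifest that combines the three traits for manual review."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    a11y = [s.get(ANDROID_NS + "name") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == A11Y_BIND]
    receivers = [r.get(ANDROID_NS + "name") for r in root.iter("receiver")]
    hits = sorted(requested & WATCHED)
    return {
        "package": root.get("package"),
        "watched_permissions": hits,
        "accessibility_services": a11y,
        "receivers": receivers,
        # Assumed heuristic: all three traits present means "review", not "malicious".
        "review": bool(a11y) and bool(receivers) and len(hits) >= min_permissions,
    }

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Legitimate apps can also match this combination, so a hit is a reason to inspect the accessibility service and receiver code rather than a verdict.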