Android banking Trojan SpyNote infiltrates smartphones using vishing


An aggressive cybercriminal campaign that ran in June and July 2023 delivers the banking trojan SpyNote (also known as SpyMax) to owners of Android mobile devices.

Cleafy specialists spoke about malicious activity aimed at customers of credit institutions in Europe.

“SpyNote falls into the category of spyware and is distributed through phishing or smishing campaigns. On a device, malware can open remote access to the operator,” the researchers wrote in the report.

SpyNote does not differ much from standard banking trojans, so the first thing it does after getting onto a device is request access to accessibility services (special features of the Android OS). After that, it is able to elevate its privileges and extract important data.

Nevertheless, the malware also has interesting distinguishing features: the ability to function as spyware and carry out bank fraud.

The attack by SpyNote operators begins with a malicious SMS message in which the victim is urged to install a banking application. If you click on the link in the message, you will be redirected to download the TeamViewer QuickSupport software available from the Google Play Store.

“TeamViewer is being used by a number of attackers in fraudulent transactions. In this case, the attackers resort to social engineering: they call the victim, pretending to be bank employees, and carry out unauthorized transactions directly on the victim’s device,” experts explain.

Using the popular remote access program, the cybercriminals install SpyNote on the victim's Android device. SpyNote can then collect geolocation data, capture keystrokes, record screen actions, and intercept two-factor authentication codes.
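A defender-side triage check for the two signals described above, an accessibility service held by an unexpected app and a remote-support tool on the same device. This is an added example, not code from the Cleafy report: the sample `adb` output is constructed, `com.example.bankupdate` is a hypothetical package, and the allowlist and remote-support list are assumptions to adapt to your own fleet.

```python
# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService"
    ":com.example.bankupdate/.CoreService"
)
# Constructed sample of: adb shell pm list packages
SAMPLE_PACKAGES = """package:com.google.android.marvin.talkback
package:com.teamviewer.quicksupport.market
package:com.example.bankupdate
"""
# Assumptions: packages approved to hold an accessibility service, and
# remote-support tools whose presence deserves a second look.
ALLOWED = {"com.google.android.marvin.talkback"}
REMOTE_SUPPORT = {"com.teamviewer.quicksupport.market"}

def parse_services(raw):
    """Split the colon-separated setting into (package, class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":       # an unset setting prints "null"
        return []
    services = []
    for entry in raw.split(":"):
        pkg, sep, cls = entry.strip().partition("/")
        if not sep or not pkg or not cls:
            continue                   # malformed component name, skip it
        if cls.startswith("."):        # short form: class relative to package
            cls = pkg + cls
        services.append((pkg, cls))
    return services

def parse_packages(raw):
    """Extract package names from `pm list packages` output."""
    return {line[len("package:"):].strip()
            for line in raw.splitlines() if line.startswith("package:")}

def audit(setting, packages, allowed=ALLOWED, remote=REMOTE_SUPPORT):
    """Report accessibility services outside the allowlist, with context."""
    installed = parse_packages(packages)
    unexpected = [s for s in parse_services(setting) if s[0] not in allowed]
    return {
        "unexpected_services": unexpected,
        "remote_support_installed": sorted(installed & remote),
        # Both signals together match the chain the article describes.
        "escalate": bool(unexpected) and bool(installed & remote),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_SETTING, SAMPLE_PACKAGES))
```

Either signal alone is common on legitimate devices, so the check only escalates when both are present.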

