SpyNote: an immortal Trojan that can't be protected against

Carding 4 Carders

Researchers analyzed how a stealthy and very effective piece of Android malware works.

Analysts from the information security company F-Secure conducted an in-depth analysis of the Android Trojan SpyNote and discovered its extensive capabilities for collecting confidential information.

SpyNote is usually distributed through smishing campaigns, in which attackers convince victims to click a link in an SMS and install the app. During installation, SpyNote requests access to the call log, camera, SMS messages, and external storage, and hides itself from the Android start screen and the recent tasks screen to make it harder to detect.

The researchers said that the SpyNote malware can be activated via an external trigger. After receiving the signal, the malicious app starts its main activity.

SpyNote is notable for obtaining permissions and then using them to automatically grant itself additional rights to record audio and phone calls, log keystrokes, and take screenshots via the MediaProjection API.

A more thorough study of the malware revealed the presence of so-called "diehard" services that protect the application from attempts to terminate it, whether on the part of the victim or the operating system.

The SpyNote Trojan ensures its resilience by registering a Broadcast Receiver, which automatically restarts the malware when an attempt is made to terminate it. Moreover, when a user tries to delete the malicious app through the settings menu, the menu is automatically closed due to the use of the API. The only solution to the problem is to perform a factory reset, losing all data on the device.
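A defender-side triage of the traits described above, as an added example that is not part of the original post or of F-Secure's report: it checks a decoded `AndroidManifest.xml` (for instance, one produced by apktool) for the install-time permissions, the missing launcher icon, the recents hiding, and the service-plus-receiver pairing. The tag names, the three-permission threshold, and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Permissions the article says are requested during installation.
WATCHED = {
    "android.permission.READ_CALL_LOG",
    "android.permission.CAMERA",
    "android.permission.READ_SMS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Constructed sample manifest, not taken from a real SpyNote build.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <activity android:name=".Main" android:excludeFromRecents="true"/>
    <service android:name=".KeepAlive"/>
    <receiver android:name=".Restart"/>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return heuristic tags for a decoded manifest (hypothetical tag names)."""
    root = ET.fromstring(manifest_xml)
    tags = []
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if len(perms & WATCHED) >= 3:  # assumed threshold: most of the watched set
        tags.append("sensitive-permissions")
    activities = list(root.iter("activity"))
    has_launcher = any(
        c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
        for a in activities for c in a.iter("category"))
    if activities and not has_launcher:
        tags.append("no-launcher-icon")  # nothing shown on the start screen
    if any(a.get(ANDROID + "excludeFromRecents") == "true" for a in activities):
        tags.append("hidden-from-recents")
    has_service = next(root.iter("service"), None) is not None
    has_receiver = next(root.iter("receiver"), None) is not None
    if has_service and has_receiver:
        tags.append("service-plus-receiver")  # possible restart pairing
    return tags

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each tag alone is common in legitimate apps; the combination is what makes a sideloaded APK worth a closer look.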
 