According to Italian cybersecurity firm Cleafy, a campaign using SpyNote has been detected, targeting financial institutions in Europe since June 2023.
Security experts from F-Secure said SpyNote (also known as SpyMax) is often spread through SMS phishing campaigns, tricking victims into installing the application by clicking a malicious link embedded in the message.
In addition to requesting access to call logs, camera, SMS messages, and external storage, SpyNote is known for hiding its presence to avoid detection. According to the analysis, the SpyNote malware can be launched through an external program.
European bank customers are being targeted by SpyNote
Crucially, SpyNote looks for permissions and then leverages them to grant itself additional permissions to record audio and phone calls, log keystrokes, and take screenshots of the phone. Further analysis revealed that SpyNote includes functionality to counteract attempts to terminate the malicious app.
It does this by registering a broadcast receiver class, which is designed to restart the app whenever it is shut down. Attempts to uninstall the malicious app through Settings are blocked by closing that screen using accessibility APIs.
F-Secure said the difficulties SpyNote causes on the device leave the victim with the option of performing a factory reset, which erases all data. The Finnish cybersecurity firm detailed an Android app that masquerades as an operating system update to trick victims into granting access to accessibility services, which can then steal banking and SMS data.
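A defender triaging a suspicious APK can check its decoded manifest for the traits described above: the sensitive permissions, an accessibility service, declared broadcast receivers, and a missing launcher icon. The following is an added example, not code from Cleafy or F-Secure; the review heuristic, the package name and the class names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Permissions matching the article's list: call logs, camera, SMS, external storage.
WATCHED = {"android.permission.READ_CALL_LOG", "android.permission.CAMERA",
           "android.permission.READ_SMS", "android.permission.READ_EXTERNAL_STORAGE",
           "android.permission.WRITE_EXTERNAL_STORAGE"}
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
LAUNCHER = "android.intent.category.LAUNCHER"

def triage_manifest(xml_text):
    """Summarise the manifest traits that match the behaviour described above."""
    root = ET.fromstring(xml_text)
    requested = {p.get(NS + "name") for p in root.iter("uses-permission")}
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    a11y = [s.get(NS + "name") for s in root.iter("service")
            if s.get(NS + "permission") == BIND_A11Y]
    # Statically declared receivers and the broadcast actions that wake them.
    receivers = {r.get(NS + "name"): [a.get(NS + "name") for a in r.iter("action")]
                 for r in root.iter("receiver")}
    # No LAUNCHER category means the app shows no icon in the app drawer.
    visible = any(c.get(NS + "name") == LAUNCHER for c in root.iter("category"))
    sensitive = sorted(requested & WATCHED)
    # Constructed heuristic: all three traits together warrant manual review.
    review = bool(a11y) and len(sensitive) >= 2 and not visible
    return {"sensitive_permissions": sensitive, "accessibility_services": a11y,
            "receivers": receivers, "launcher_icon": visible, "needs_review": review}

# Constructed sample manifest (hypothetical package, class and action names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.osupdate">
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main"/>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Restart">
      <intent-filter><action android:name="com.example.osupdate.RESTART"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The manifest inside an APK is stored in binary form and must first be decoded to text XML, for example with apktool. Receivers registered at run time do not appear in the manifest, so an empty receiver list does not rule out the restart behaviour.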