SpyNote Malware Targets Android Users By Recording Your Calls, Taking Screenshots

Highlights

• SpyNote malware distributed via smishing targets Android devices.
• Once installed, the malware gains critical permissions through Accessibility Services.
• The malware employs stealth tactics to hide its presence on compromised devices.
• The threat has evolved, with custom variants emerging post a source code leak in January 2023.

SpyNote, a spyware specifically designed for Android devices, is ramping up its activities, putting users’ sensitive information at risk.

Detailed by cybersecurity firm F-Secure, this malware is currently being disseminated through fake text messages, commonly known as smishing.

Here’s what you need to know about this emerging cybersecurity threat and how you can protect yourself.

Method of Distribution

Researchers at Italy’s D3Lab first identified a fake IT alert site that warned of a possible upcoming volcanic eruption and urged visitors to download the app for updates.

When iOS users click on the download button, they are redirected to the authentic IT-alert site.

However, Android users receive an ‘IT-Alert.apk’ file upon clicking the download button. This APK file carries the SpyNote malware.

Functionality and Permissions

Once installed, the malware gains access to Accessibility services, enabling the attackers to carry out a broad range of invasive actions on the compromised device.

Although it doesn’t require an exhaustive list of permissions, the few that it does request are critical.

Upon launching, it initially asks for BIND_ACCESSIBILITY_SERVICE permission.
Once granted, the malware autonomously approves several additional vital permissions.

SpyNote is designed to stay under the radar; it does not appear in the app launcher or the Recents screen.
To activate the malware, external triggers such as an SMS are employed.

Evolving Threat

SpyNote was first documented in 2022 and has since reached its third major version.

In January 2023, a report from ThreatFabric revealed a spike in SpyNote detections following a leak of one of its source code variants, codenamed ‘CypherRat.’

This leak led to the development of custom variants that specifically targeted banks or masqueraded as popular apps like Google’s Play Store, Play Protect, WhatsApp, and Facebook.

FAQs

What is SpyNote malware?

SpyNote is a spyware that specifically targets Android devices. It is distributed primarily through fake text messages.

How does SpyNote get installed?

The malware deceives users into downloading an APK file, posing as an emergency alert, which then installs SpyNote on Android devices.

What permissions does SpyNote require?

The malware asks for BIND_ACCESSIBILITY_SERVICE permission initially, and once granted, autonomously approves several more vital permissions.

How can I protect myself?

Only download apps from trusted sources and be cautious when clicking on links from unknown or suspicious text messages.

Also Read: ‘Like a Video and Make Money’ scam: All about the cyber fraud on Whatsapp; Received WhatsApp message asking you to like YouTube videos for Rs 150? It’s a scam

Also Read: Metaverse May Open Up New World of Cybercrime, Fears Interpol