SpyNote is an Android trojan that can secretly record audio and phone calls.
Analysis of the banking trojan shows a broad set of data-collection capabilities. According to the reports, SpyNote's usual infection vector is SMS phishing: the operators send a message with an embedded link and trick the recipient into installing the app from it.
SpyNote not only requests elevated privileges to access call logs, the camera, SMS messages, and external storage; it can also hide itself from the Android Home and Recents screens, so the victim has no obvious sign that it is installed.
Researchers noted that the malware does not start its main routine on its own. The operators activate it through an external trigger, and once the app receives that intent it launches its primary functionality.
The SpyNote Android Trojan leverages accessibility permissions to execute its malicious capabilities.
SpyNote's first goal after installation is to obtain accessibility-service permission. Once that is granted, it uses the accessibility service to grant itself further permissions, and from there records audio and phone calls, logs keystrokes, and captures screenshots through the MediaProjection API.
Further investigation of the malware revealed "diehard services" that resist termination, whether the attempt comes from the victim or from the OS.
It achieves this by registering a broadcast receiver that automatically restarts the service whenever it is about to be terminated. In addition, the malware abuses the accessibility API to prevent the user from uninstalling the app.
The SpyNote sample is spyware that logs and steals a range of information, including keystrokes, call logs, and data about installed applications. It is heavily obfuscated on the infected device, which makes it difficult to detect or identify.
The developers also made uninstallation very hard, so victims are often left with no choice but to perform a factory reset, which wipes all of their data.
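The behaviours above give an incident responder three observable signals on a device: an accessibility service enabled for an unexpected package, the sensitive permissions (audio, SMS, call log, camera, storage) that package requests, and the absence of a launcher activity for an app the user never sees. The following triage script, added here as an example and not taken from the SpyNote report or any vendor tool, scores installed packages on those three signals. It works offline on constructed sample data; the package names are hypothetical, the scoring weights are an arbitrary choice, and the adb commands named in the docstring are the assumed sources of each input.

```python
"""Offline triage of Android app state for SpyNote-style spyware.

Added example, not code from the SpyNote report or any vendor tool.
Inputs and their assumed sources:
  enabled_services  : `adb shell settings get secure enabled_accessibility_services`
                      -> "pkg/Class:pkg2/Class2", or "null" when none is enabled
  dumpsys_by_pkg    : {pkg: output of `adb shell dumpsys package <pkg>`}
  launcher_packages : packages that resolve a MAIN/LAUNCHER activity (assumed
                      gathered with `adb shell cmd package query-activities
                      -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`)
"""

# Permissions the article says SpyNote uses once it has accessibility access.
SENSITIVE_PERMS = {
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.CAMERA",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}


def parse_enabled_accessibility(setting: str) -> set[str]:
    """Packages with an enabled accessibility service; 'null' means none."""
    if not setting or setting.strip() == "null":
        return set()
    return {c.split("/", 1)[0] for c in setting.strip().split(":") if "/" in c}


def parse_requested_permissions(dumpsys: str) -> set[str]:
    """Pull the 'requested permissions:' block out of dumpsys package output.
    Entries are indented deeper than the header; the block ends at the next
    line indented at or above the header (e.g. 'install permissions:')."""
    perms, header_indent = set(), None
    for line in dumpsys.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if header_indent is None:
            if stripped == "requested permissions:":
                header_indent = indent
            continue
        if not stripped or indent <= header_indent:
            break
        perms.add(stripped.split(":", 1)[0])  # tolerate 'perm: granted=...' lines
    return perms


def score_package(pkg, accessibility_pkgs, perms, launcher_packages):
    """Arbitrary weights: accessibility enabled 3, each sensitive permission 1
    (capped at 4), no launcher activity 2. Returns (score, reasons)."""
    score, reasons = 0, []
    if pkg in accessibility_pkgs:
        score += 3
        reasons.append("accessibility service enabled")
    hits = sorted(perms & SENSITIVE_PERMS)
    if hits:
        score += min(len(hits), 4)
        reasons.append("sensitive permissions: " + ", ".join(hits))
    if pkg not in launcher_packages:
        score += 2
        reasons.append("no launcher activity (hidden from Home)")
    return score, reasons


def triage(enabled_services, dumpsys_by_pkg, launcher_packages, threshold=6):
    """Return {pkg: (score, reasons)} for packages scoring at or above threshold."""
    acc = parse_enabled_accessibility(enabled_services)
    findings = {}
    for pkg, dump in dumpsys_by_pkg.items():
        score, reasons = score_package(pkg, acc, parse_requested_permissions(dump),
                                       launcher_packages)
        if score >= threshold:
            findings[pkg] = (score, reasons)
    return findings


# Constructed sample state with hypothetical package names (not a real capture).
SAMPLE_ENABLED = "com.update.sysservice/.AccService:com.example.screenreader/.ReaderService"
SAMPLE_DUMPSYS = {
    "com.update.sysservice": (
        "  Package [com.update.sysservice] (1a2b3c):\n"
        "    requested permissions:\n"
        "      android.permission.INTERNET\n"
        "      android.permission.RECORD_AUDIO\n"
        "      android.permission.READ_SMS\n"
        "      android.permission.READ_CALL_LOG\n"
        "      android.permission.CAMERA\n"
        "      android.permission.RECEIVE_BOOT_COMPLETED\n"
        "    install permissions:\n"
        "      android.permission.INTERNET: granted=true\n"
    ),
    "com.example.screenreader": (
        "    requested permissions:\n"
        "      android.permission.INTERNET\n"
        "      android.permission.FOREGROUND_SERVICE\n"
        "    install permissions:\n"
    ),
    "com.example.notes": (
        "    requested permissions:\n"
        "      android.permission.READ_EXTERNAL_STORAGE\n"
        "    install permissions:\n"
    ),
}
SAMPLE_LAUNCHER = {"com.example.screenreader", "com.example.notes"}

if __name__ == "__main__":
    for pkg, (score, reasons) in sorted(triage(SAMPLE_ENABLED, SAMPLE_DUMPSYS,
                                                SAMPLE_LAUNCHER).items()):
        print(f"{pkg}: score {score}")
        for reason in reasons:
            print("  -", reason)
```

In the constructed sample only the hidden, accessibility-enabled package that asks for audio, SMS, call-log and camera access crosses the threshold; a legitimate screen reader scores on the accessibility signal alone and is not reported. The heuristic is a starting point for manual review, not a verdict: a real screen reader that also requests microphone access would score higher, and a sample that defers its permission requests until after the accessibility grant would not show them in `requested permissions` before it runs.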
These findings come from a recent report on a deceptive Android app that poses as an operating system update, lures victims into granting it accessibility-service permission, and then exfiltrates SMS messages and banking data.
Users should be wary of granting elevated privileges, and accessibility access in particular, to apps they did not deliberately install from a trusted store. Refusing those requests denies the malware the access that the rest of its campaign depends on.