Thanks to the careful studies of the researchers of Cleafy it was possible to understand the functioning of SpyNote.
Lo spyware Android in question, it seems, began to target financial institutions starting from the end of 2022, gradually gaining a foothold in the ambit of the bank fraud.
According to experts, the malware it takes advantage of accessibility services and various android permissions to conduct multiple malicious activities. The main channel of diffusion concerns phishing e smishingthen combining some typical functions of remote access trojans (RAT) and attacks wishes.
The effectiveness of SpyNote is confirmed by the substantial increase in cases between June and July 2023, with campaigns that affected a large number of customers of various European banks.
SpyNote is an effective and difficult to detect Android spyware
The data collected by Cleafy Threat Intelligence Team highlight how this threat is able to convincingly impersonate legitimate applications, thus making itself particularly difficult to detect.
The chain of infection typically starts with a SMS message deceptive that invites users to install a “new certified banking app”. This is followed by a link to an app TeamViewer probable but bogus, proposal for the phantom remote technical support. In fact, this is the first step cybercriminals take to gain remote access to the victim’s device.
The main features of SpyNote provide for the exploitation of accessibility services to then perform activities keylogging and not only. By tracking user activity, spyware gains access to crucial information such as installed applications and text inputs, all of which can be used to steal sensitive banking credentials and perform other similar tasks.
Also, SpyNote can intercept SMS messages, including two-factor authentication codes, and transmit them to the command and control server operated by the attackers. On top of that, the malware can also record what’s happening on the display, giving attackers total control over the device.
To evade detection and analysis, SpyNote employs various evasive techniques, such as code obfuscation, which makes such malware even more difficult to deal with.