Security News > 2023 > January > SpyNote Android malware infections surge after source code leak
The Android malware family tracked as SpyNote has had a sudden increase in detections in the final quarter of 2022, which is attributed to a source code leak of one of its latest, known as 'CypherRat.
Threat actors quickly snatched the malware's source code and launched their own campaigns.
All SpyNote variants in circulation rely on requesting access to Android's Accessibility Service to be allowed to install new apps, intercept SMS messages, snoop on calls, and record video and audio on the device.
To hide its malicious code from scrutiny, the latest versions of SpyNote employ string obfuscation and use commercial packers to wrap the APKs.
Threat actors currently use CypherRat as a banking trojan, but the malware could also be used as spyware in low-volume targeted espionage operations.
ThreatFabric believes that SpyNote will continue to constitute a risk for Android users and estimates that various forks of the malware will appear as we head deeper into 2023.
News URL
Related news
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)
- Counterfeit Android devices found preloaded With Triada malware (source)
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (source)
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)