Security News > 2023 > January > SpyNote Android malware infections surge after source code leak

The Android malware family tracked as SpyNote has had a sudden increase in detections in the final quarter of 2022, which is attributed to a source code leak of one of its latest, known as 'CypherRat.
Threat actors quickly snatched the malware's source code and launched their own campaigns.
All SpyNote variants in circulation rely on requesting access to Android's Accessibility Service to be allowed to install new apps, intercept SMS messages, snoop on calls, and record video and audio on the device.
To hide its malicious code from scrutiny, the latest versions of SpyNote employ string obfuscation and use commercial packers to wrap the APKs.
Threat actors currently use CypherRat as a banking trojan, but the malware could also be used as spyware in low-volume targeted espionage operations.
ThreatFabric believes that SpyNote will continue to constitute a risk for Android users and estimates that various forks of the malware will appear as we head deeper into 2023.
News URL
Related news
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (source)
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- Russian army targeted by new Android malware hidden in mapping app (source)