Security News > 2023 > August > European Bank Customers Targeted in SpyNote Android Trojan Campaign

European Bank Customers Targeted in SpyNote Android Trojan Campaign
2023-08-01 11:11

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023.

What makes the malware strain notable is its dual functions as spyware and perform bank fraud.

The attack chains commence with a bogus SMS message urging users to install a banking app by clicking on the accompanying link, redirecting the victim to the legitimate TeamViewer QuickSupport app available on the Google Play Store.

"In particular, the attacker calls the victim, impersonating bank operators, and performs fraudulent transactions directly on the victim's device."

The disclosure comes as the hack-for-hire operation known as Bahamut has been linked to a new campaign targeting individuals in the Middle East and South Asia regions with the goal of installing a dummy chat app named SafeChat that conceals an Android malware dubbed CoverIm.

Cyfirma, which uncovered the latest activity, said the tactics employed by this threat actor overlap with another nation-state actor known as the DoNot Team, which was recently observed utilizing rogue Android apps published to the Play Store to infect individuals located in Pakistan.


News URL

https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html