Security News > 2023 > August > European Bank Customers Targeted in SpyNote Android Trojan Campaign
Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023.
What makes the malware strain notable is its dual functions as spyware and perform bank fraud.
The attack chains commence with a bogus SMS message urging users to install a banking app by clicking on the accompanying link, redirecting the victim to the legitimate TeamViewer QuickSupport app available on the Google Play Store.
"In particular, the attacker calls the victim, impersonating bank operators, and performs fraudulent transactions directly on the victim's device."
The disclosure comes as the hack-for-hire operation known as Bahamut has been linked to a new campaign targeting individuals in the Middle East and South Asia regions with the goal of installing a dummy chat app named SafeChat that conceals an Android malware dubbed CoverIm.
Cyfirma, which uncovered the latest activity, said the tactics employed by this threat actor overlap with another nation-state actor known as the DoNot Team, which was recently observed utilizing rogue Android apps published to the Play Store to infect individuals located in Pakistan.
News URL
https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html
Related news
- Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (source)
- New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks (source)
- Finland warns of Android malware attacks breaching bank accounts (source)
- Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide (source)