Financial institutions worldwide have become the target of a new version of a popular spyware tool designed to infect Android devices.
SpyNote is a popular piece of malware that allows its operators to spy on and modify infected Android devices. It infects devices by masquerading as another app, such as Facebook or WhatsApp.
It is also capable of accessing the camera, meaning operators are able to directly spy on the device’s owner, raising concerns beyond financial safety.
SpyNote.C is the latest version and, according to ThreatFabric, the first release of the spyware to take a particular interest in financial institutions, disguising itself as a banking app.
Several institutions have been affected to date, with SpyNote.C disguising itself as the banking app for several organisations, including HSBC, Deutsche Bank, Kotak Bank, and BurlaNubank.
It will also ask users for a wide range of accessibility permissions, which, when granted, allow it to extract two-factor authentication codes from the Google Authenticator app and to steal app credentials by tricking a user into logging in and providing their details.
Between August 2021 and October 2022, at least 80 people reportedly purchased SpyNote.C, which was being sold on a Telegram channel under the alias CypherRat.
In the final quarter of 2022, reports of SpyNote.C attacks dramatically increased after the code for CypherRat was leaked onto GitHub. Bad actors also targeted other bad actors, pretending to sell the software.
Researchers at ThreatFabric have suggested that because of the leak, more and more versions of SpyNote will appear.
Furthermore, they predict that “SpyNote will keep using Accessibility Service to collect essential data from users’ devices and that it will be able to develop towards a successful distribution”, whilst additional security measures to protect the software continue to be developed.
Android users should remain aware of the software, only download applications from trusted sources, such as the Google Play Store rather than third-party websites, and be wary of what permissions applications ask for.
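The advice above can be turned into a device check. The following is an added example, not code from ThreatFabric or from the article: it cross-references the output of `adb shell settings get secure enabled_accessibility_services` with `adb shell pm list packages -i` and flags apps that hold an enabled accessibility service but were not installed by a trusted store. The sample outputs, package names and the trusted-installer list are constructed assumptions.

```python
import re

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# (colon-separated "package/service-class" entries; package names are made up).
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.mybank.update/.CoreService"
)

# Constructed sample of `adb shell pm list packages -i`.
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.mybank.update  installer=null
package:com.example.notes  installer=com.android.vending
"""

# Assumption: only the Google Play Store counts as a trusted installer.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_a11y(value):
    """Return (package, service_class) pairs for enabled accessibility services."""
    value = value.strip()
    if value in ("", "null"):  # nothing enabled
        return []
    pairs = []
    for entry in value.split(":"):
        pkg, _, cls = entry.strip().partition("/")
        if pkg:
            pairs.append((pkg, cls))
    return pairs

def parse_installers(text):
    """Map package name -> installer package (None when reported as null)."""
    pat = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
    result = {}
    for line in text.splitlines():
        m = pat.match(line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def flag_untrusted(a11y, pm, trusted=TRUSTED_INSTALLERS):
    """List accessibility-enabled apps whose installer is unknown or untrusted."""
    installers = parse_installers(pm)
    return [{"package": p, "service": c, "installer": installers.get(p)}
            for p, c in parse_a11y(a11y) if installers.get(p) not in trusted]

if __name__ == "__main__":
    for finding in flag_untrusted(SAMPLE_A11Y, SAMPLE_PM):
        print("REVIEW:", finding)
```

Preinstalled system apps can also report a null installer, so a flagged entry is a prompt for manual review rather than proof of infection.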