Don’t trust that update! Untold number of Android users duped by dangerous SpyNote trojan
Android users have been put on spyware high-alert as a banking trojan by the name of SpyNote has recently returned to the limelight.
The Android-based malware has been a background security threat for users since 2022. However, now in its third revision and with source code of of one of its variants (known as ‘CypherRat’) having leaked online in January of 2023, detections of this spyware have spiked throughout the year.
SpyNote isn’t like many of the threats Android users face. You won’t find it tucked away inside of an innocuous app on the malware infected hellscape that is Google Play — at least not for now.
Instead, its primary method of spreading is through ‘Smishing’ or SMS phishing. These SMS messages can range from government updates to social media alerts with links to malicious apps. Here users will be misled into downloading an Android Package file (.APK), that works outside of the Google Play Store to infect a device and begin it’s nefarious deeds.
SpyNote: What does it do?
As stated, SpyNote primary method of infection is through SMS phishing attacks. However, variants of the spyware do exist and its methods of infection may evolve over time.
If you’re unlucky enough to fall foul of these attempts, the third-party app (while posing as an official update or legitimate service) tricks the user into accepting various permissions — after which, it will hide itself from view and begin to work behind the scenes at collecting user data in the following ways.
- Audio recording: Including microphone access and phone calls.
- Camera recording: Being able to access a victims camera for pictures or video.
- Keylogging: Recording every input and tap you make on your device.
- Credential theft: Stealing user logins (usernames, passwords, passkeys, and more) by intercepting banking, crypto wallets, and social media apps.
- Screen recording: Through screenshot captures and device streaming.
- GPS tracking: Accessing location services to track a victims location.
SpyNote: Do I have it, and how do I remove it?
SpyNote’s presence is hard to detect, and even harder to remove. If you’ve accessed a link to an app through SMS at any point, one of the ways you can tell if SpyNote is present on your device is by…