This dangerous Android malware is seeing a huge rise in infections

An updated version of the SpyNote Android malware is spreading rapidly, researchers claim.

SpyNote (also known as SpyMax) is an Android malware strain whose latest version, called CypherRat, was distributed exclusively through private Telegram channels, for a price. The tool offered a wide range of features, including remote access, GPS tracking, and device status and activity updates, as well as account theft for banking apps.

Experts have attributed the sudden spike to the fact that the malware was released for free on GitHub and picked up by numerous threat actors, who are now targeting banks such as HSBC and Deutsche Bank, as well as releasing it online as fake WhatsApp, Facebook, Google Play Store and other apps.

Increasing threat

The original authors are thought to have sold the malware from August 2021 to October 2022, but after a number of scam incidents, in which fraudsters impersonated the project and sold bogus programs, the authors posted the source code on GitHub.

Subsequently, the source code was apparently picked up by numerous threat actors, resulting in a spike in infections. Analysts at ThreatFabric, who monitor CypherRat, think the number of infections could grow even further in the coming weeks and months.

In addition to the above-mentioned features, ThreatFabric has discovered that CypherRat is able to use the camera API to record and send videos from compromised endpoints, share GPS and network location tracking data, steal Facebook and Google account credentials, extract Google Authenticator codes, and log keystrokes.

To become operational, SpyNote needs access to the Android Accessibility Service, and an app requesting that access is still the best way to know if it is malicious or not.

The researchers have yet to determine the exact distribution channels, but it is very likely that CypherRat is distributed via phishing sites and third-party Android app repositories.
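A triage check built on the two points above (Accessibility Service access and delivery outside the Play Store), as an added example that is not from the original article or from ThreatFabric. It parses the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`; the sample output, the package names and the trusted-installer set are constructed assumptions.

```python
import re

# Assumption: only Play Store installs count as a trusted source.
TRUSTED_INSTALLERS = {"com.android.vending"}

def accessibility_packages(setting_value):
    """Parse `settings get secure enabled_accessibility_services` output."""
    value = setting_value.strip()
    if value in ("", "null"):           # nothing enabled
        return {}
    services = {}
    for component in value.split(":"):  # entries look like package/ServiceClass
        pkg, _, cls = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def installers(pm_list_i):
    """Parse `pm list packages -i` into {package: installer or None}."""
    found = {}
    for line in pm_list_i.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def triage(setting_value, pm_list_i, pm_list_s):
    """Flag non-system packages that hold an enabled accessibility service."""
    system = {l.strip()[8:] for l in pm_list_s.splitlines()
              if l.strip().startswith("package:")}
    source_of = installers(pm_list_i)
    findings = []
    for pkg in sorted(accessibility_packages(setting_value)):
        if pkg in system:
            continue
        source = source_of.get(pkg)
        # Sideloaded plus accessibility access is the combination to look at first.
        severity = "review" if source in TRUSTED_INSTALLERS else "high"
        findings.append((pkg, severity, source))
    return findings

# Constructed sample output (not from a real device).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.passwordmgr/.FillService:"
                  "com.example.fakechat/com.example.fakechat.Svc")
SAMPLE_PM_I = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.passwordmgr  installer=com.android.vending
package:com.example.fakechat  installer=null"""
SAMPLE_PM_S = "package:com.google.android.marvin.talkback"
```

Legitimate apps such as screen readers and password managers also use accessibility services, so the output is a review queue rather than a verdict.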

Via: BleepingComputer
