A new malware called SpyNote, which is proficient at hiding itself, is making rounds on the internet. According to the internet security company F-Secure, this fake app can steal sensitive user data—like banking information, and primarily targets Android phones.
Per Amit Tambe, the company’s researcher, this spyware, SpyNote, spreads through ‘smishing,’ which involves sending infected SMS messages. When users receive these messages, they are prompted to download certain apps through the provided link, bypassing Google Play’s security measures.
How It Hides Itself On Android
Once the app (spyware) is installed on an Android device, it disguises itself and hides to avoid detection. Furthermore, as per F-Secure, SpyNote takes the “extra step” of hiding its activities from appearing on the ‘recents’ screen of the Android OS. It also remains hidden until an ‘external trigger’ is sent to the victim’s device to activate the malware.
How SpyNote Steals User Data
This spyware, of course, invades a users’ privacy as well, as it can record phone calls. The recorded files are saved in the .wav file format and then sent to the attacker. When the victim receives “an incoming call, the phone state changes, and the broadcast receiver is triggered. The code in the broadcast receiver checks if the victim has answered the call, and once confirmed, starts recording the audio,” F-Secure notes.
Additionally, to steal more data, the malware can capture .jpeg files from a user’s phone and act as a keylogger to potentially steal user data such as banking passwords and more.
According to the company, the infection rates of this trojan have increased after its source code was released in October 2022. Therefore, it is in your best interest to stay vigilant about this malware and also avoid clicking on foreign links received via SMS and more.