Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.
Latest posts by Esme Greene (see all)
- “Ducktail” Hackers Target Facebook - September 28, 2023
- Okta Breach: Super Admin Hack - September 24, 2023
- Rackspace: $10.8M Cloud Shift - September 23, 2023
Cleafy experts reported European bank customers falling prey to SpyNote, an Android banking Trojan that uses phishing, smishing, RAT, and vishing techniques.
SpyNote: Unraveling the Silent Intrusion
SpyNote, a spyware-infected Trojan, grants remote control of smartphones and extracts sensitive data like contacts, SMS messages, social media passwords, call logs, and location information. Throughout 2023, attackers worldwide actively deploy this trojan, primarily targeting financial institutions.
The attack commences with a fake SMS urging users to install a banking app. The link redirects victims to the legitimate TeamViewer QuickSupport app’s download page on Google Play. The attacker then poses as a bank operator, conducting fraudulent transactions via TeamViewer on the victim’s device.
The attackers utilize TeamViewer as a channel to remotely access the victim’s phone and install malware surreptitiously. SpyNote captures geolocation, keystrokes, screen recordings, and SMS messages, allowing it to bypass SMS-based two-factor authentication (2FA).
A significant malicious SMS campaign uncovered by McAfee targeted Japanese Android users, downloading SpyNote under the guise of an official app from a local utility company.
In February, it came to light that flagship Android devices sold in China have pre-installed spyware, covertly collecting personal data without user knowledge. The collected data is transmitted not just to the device manufacturer but also to service providers like Baidu and Chinese mobile operators.