SpyNote Trojan Spreads in Europe

Esme Greene
Cleafy experts reported that European bank customers are falling prey to SpyNote, an Android banking Trojan that relies on phishing, smishing, vishing, and remote access Trojan (RAT) techniques.

SpyNote: Unraveling the Silent Intrusion

SpyNote, a Trojan with spyware capabilities, gives attackers remote control of smartphones and extracts sensitive data such as contacts, SMS messages, social media passwords, call logs, and location information. Throughout 2023, attackers worldwide have actively deployed this Trojan, primarily targeting financial institutions.

The attack begins with a fake SMS urging users to install a banking app. The link in the message redirects victims to the legitimate TeamViewer QuickSupport app’s download page on Google Play. The attacker then poses as a bank operator and conducts fraudulent transactions via TeamViewer on the victim’s device.

The attackers use TeamViewer as a channel to remotely access the victim’s phone and install the malware surreptitiously. SpyNote captures geolocation, keystrokes, screen recordings, and SMS messages, which allows it to bypass SMS-based two-factor authentication (2FA).

A significant malicious SMS campaign uncovered by McAfee targeted Japanese Android users, delivering SpyNote under the guise of an official app from a local utility company.

In February, it came to light that flagship Android devices sold in China come with pre-installed spyware that covertly collects personal data without users' knowledge. The collected data is transmitted not just to the device manufacturer but also to service providers like Baidu and Chinese mobile operators.