Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Android Spyware Targeting Financial Institutions

    justmattgBy justmattgJanuary 6, 2023No Comments3 Mins Read

    [ad_1]

    Jan 05, 2023Ravie LakshmananMobile Security / Surveillance

    Android Spyware

    Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022 that combines both spyware and banking trojan characteristics.

    “The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public,” ThreatFabric said in a report shared with The Hacker News. “This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions.”

    Some of the notable institutions that are impersonated by the malware include Deutsche Bank, HSBC U.K., Kotak Mahindra Bank, and Nubank.

    SpyNote (aka SpyMax) is feature-rich and comes with a plethora of capabilities that allows it to install arbitrary; gather SMS messages, calls, videos, and audio recordings; track GPS locations; and even hinder efforts to uninstall the app.

    It also follows the modus operandi of other banking malware by requesting for permissions to accessibility services to extract two-factor authentication (2FA) codes from Google Authenticator and record keystrokes to siphon banking credentials.

    In addition, SpyNote packs in functionalities to plunder Facebook and Gmail passwords as well as capture screen content by leveraging Android’s MediaProjection API.

    The Dutch security firm said that the most recent iteration of SpyNote (called SpyNote.C) is the first variant to strike banking apps as well as other well-known apps like Facebook and WhatsApp.

    Android Spyware

    It’s also known to masquerade as the official Google Play Store service and other generic applications spanning wallpapers, productivity, and gaming categories. A list of some of the SpyNote artifacts, which are mainly delivered through smishing attacks, is as follows –

    • Bank of America Confirmation (yps.eton.application)
    • BurlaNubank (com.appser.verapp)
    • Conversations_ (com.appser.verapp )
    • Current Activity (com.willme.topactivity)
    • Deutsche Bank Mobile (com.reporting.efficiency)
    • HSBC UK Mobile Banking (com.employ.mb)
    • Kotak Bank (splash.app.main)
    • Virtual SimCard (cobi0jbpm.apvy8vjjvpser.verapchvvhbjbjq)

    SpyNote.C is estimated to have been purchased by 87 different customers between August 2021 and October 2022 after it was advertised by its developer under the name CypherRat through a Telegram channel.

    However, the open source availability of CypherRat in October 2022 has led to a dramatic increase in the number of samples detected in the wild, suggesting that several criminal groups are co-opting the malware in their own campaigns.

    ThreatFabric further noted that the original author has since started work on a new spyware project codenamed CraxsRat, which is set to be offered as a paid application with similar features.

    “This development is not as common within the Android spyware ecosystem, but is extremely dangerous and shows the potential start of a new trend, which will see a gradual disappearance of the distinction between spyware and banking malware, due to the power that the abuse of accessibility services gives to criminals,” the company said.

    The findings come as a group of researchers demonstrated a novel attack against Android devices dubbed EarSpy, which provides access to audio conversations, indoor locations, and touchscreen inputs by leveraging the smartphones’ built-in motion sensors and ear speaker as a side-channel.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleBluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations
    Next Article Set Up Spy Cameras Around Your Home
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑