Since October 2022, a new kind of malware has been targeting financial institutions. A widespread and powerful type of Android malware has turned its focus to online banking apps, employing keylogging capabilities to steal passwords and usernames for bank accounts, social networking accounts, and other accounts stored on your Android device.

Researchers at the cybersecurity firm ThreatFabric have described the malware, which belongs to the SpyNote family, as a type of trojan spyware that has been active since 2016 and allows cybercriminals to monitor and alter users’ activities on Android smartphones without being detected.

The newest SpyNote edition, marketed to online criminals as CypherRat, has been operational since late 2021. However, after the source code was published online in October 2022, researchers saw a sharp increase in CypherRat samples and campaigns.

Well-known institutions impersonated by this malware include HSBC U.K., Deutsche Bank, Kotak Mahindra Bank, and Nubank.

The feature-rich SpyNote malware can install arbitrary apps, collect SMS messages, calls, videos, and audio recordings, monitor GPS positions, and even prevent attempts to delete the app.

Additionally, it mimics the behavior of other banking malware by requesting access to services in order to extract two-factor authentication (2FA) tokens from Google Authenticator. The malware also records keystrokes in order to steal banking credentials.

The most recent version of SpyNote, known as SpyNote.C, also includes features for stealing Facebook and Gmail passwords and capturing screen information using Android’s MediaProjection API. Experts say this is the first variant to affect banking applications and other well-known apps like Facebook and WhatsApp.

SpyNote.C has also been known to impersonate the official Google Play Store service and other generic programs covering the wallpaper, productivity, and gaming categories.

According to estimates, between August 2021 and October 2022, 87 unique customers bought SpyNote.C after its developer promoted it as CypherRat through a Telegram channel. However, a dramatic rise in the number of samples was seen after CypherRat's source code was published in October 2022, indicating that other criminal organizations are using the malware for their operations.

Used with permission from Article Aggregator