Since October 2022, a new kind of malware has been targeting financial institutions. A widespread and powerful type of Android malware has turned its focus to online banking apps, employing keylogging capabilities to steal passwords and usernames for bank accounts, social networking accounts, and other accounts stored on your Android device.

Researchers at the cybersecurity firm ThreatFabric have described the malware, which belongs to the SpyNote family, as a type of trojan spyware that has been active since 2016 and allows cybercriminals to monitor and alter users’ activities on Android smartphones without being detected.

The newest SpyNote edition, marketed to online criminals as CypherRat, has been operational since late 2021. However, after the source code was published online in October 2022, researchers saw a sharp increase in CypherRat samples and campaigns.

Well-known institutions impersonated by this malware include HSBC U.K., Deutsche Bank, Kotak Mahindra Bank, and Nubank.

The feature-rich SpyNote malware can install arbitrary apps, collect SMS messages, calls, videos, and audio recordings, monitor GPS positions, and even prevent attempts to delete the app.

Additionally, it mimics the behavior of other banking malware by requesting access to services in order to extract two-factor authentication (2FA) tokens from Google Authenticator. The malware also records keystrokes in order to steal banking credentials.

The most recent version of SpyNote, known as SpyNote.C, also includes features for stealing Facebook and Gmail passwords and capturing screen information using Android’s MediaProjection API. Experts say this is the first variant to affect banking applications and other well-known apps like Facebook and WhatsApp.

SpyNote.C has also been known to impersonate the official Google Play Store service and other generic programs covering the wallpaper, productivity, and gaming categories.

According to estimates, between August 2021 and October 2022, 87 unique customers bought SpyNote.C after its developer promoted it under the name CypherRat through a Telegram channel. However, a dramatic rise in the number of samples was seen when CypherRat became open source in October 2022, indicating that other criminal organizations are using the malware for their operations.


Used with permission from Article Aggregator