This malware Android app can access your camera, record calls for data theft

Highlights
  • SpyNote stays hidden on the Android home screen and the recent apps list.
  • The malware actively seeks opportunities to enter your phone.
  • It also constantly attempts to find ways to secretly infiltrate your Android device.

A team of researchers have examined the Android banking trojan called SpyNote to understand its various data-collection functions. It’s usually distributed through SMS phishing campaigns, where the malware tricks potential victims into installing it by getting them to click on a provided link.

As per cyber security company F-Secure, SpyNote asks for extensive permissions to access call logs, camera, SMS messages, and external storage. It also stays hidden on the Android home screen and the recent apps list. This is done to make it hard for users to spot it and avoid being noticed.

spynote-malware

Android banking trojan SpyNote details

  • According to a researcher named Amit Tambe from F-Secure, SpyNote isn’t a passive danger; it actively seeks opportunities to enter your phone.
  • The SpyNote malware app can be set in motion through an external signal. When it receives this signal, the malware app starts its main operation.
  • In simpler terms, it is constantly attempting to find ways to secretly infiltrate your Android device.
  • It tries to get accessibility permissions first, and then it uses that access to give itself more permissions, like recording audio and phone calls, logging keystrokes, and taking screenshots using the MediaProjection API.

  • When experts looked at the malware more closely, they found something called “diehard services” designed to make it tough to stop, whether by the phone’s user or the operating system.
  • SpyNote does this by setting up a system that keeps turning it back on whenever someone tries to shut it down.
  • Additionally, if users try to remove the harmful app through their phone’s settings, it stops them from doing so by messing with the accessibility features.

No posts to display