Posted by admin on 2023-10-17 13:26:09


The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features.


Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure.


Besides requesting invasive permissions to access call logs, camera, SMS messages, and external storage, SpyNote is known for hiding its presence from the Android home screen and the Recents screen in a bid to avoid detection.


"The SpyNote malware app can be launched via an external trigger," F-Secure researcher Amit Tambe said in an analysis published last week. "Upon receiving the intent, the malware app launches the main activity."

But most importantly, it seeks accessibility permissions, subsequently leveraging them to grant itself additional permissions to record audio and phone calls, log keystrokes, and capture screenshots of the phone via the MediaProjection API.

A closer examination of the malware has revealed the presence of what are called diehard services that aim to resist attempts, either made by the victims or by the operating system, at terminating it.



This is accomplished by registering a broadcast receiver that's designed to restart it automatically whenever it is about to be shut down. What's more, users who attempt to uninstall the malicious app by navigating to Settings are prevented from doing so: the malware abuses the accessibility APIs to close the menu screen.


"The SpyNote sample is spyware that logs and steals a variety of information, including key strokes, call logs, information on installed applications, and so on," Tambe said. "It stays hidden on the victim's device making it challenging to notice. It also makes uninstallation extremely tricky."

"The victim is eventually left only with the option of performing a factory reset, losing all data, thereby, in the process."


The disclosure comes as the Finnish cybersecurity firm detailed a bogus Android app that masquerades as an operating system update to entice targets into granting it accessibility services permissions and exfiltrate SMS and bank data.
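
Several of the SpyNote traits described above are visible in an app's manifest and can be checked statically during triage. The script below is an added example, not code from F-Secure's analysis or from this article; the trait list, the three-permission threshold, the `triage` function and the sample manifest are assumptions constructed for illustration, and the input is an AndroidManifest.xml already decoded from the APK's binary XML.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes
# Permissions matching the article: call logs, camera, SMS, external storage, audio.
INVASIVE = {"READ_CALL_LOG", "CAMERA", "READ_SMS", "RECORD_AUDIO",
            "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"}

def triage(manifest_xml):
    """List SpyNote-like traits in a decoded AndroidManifest.xml (heuristic)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    nodes = lambda tag: [] if app is None else list(app.iter(tag))
    found = []
    perms = {p.get(A + "name", "").rsplit(".", 1)[-1] for p in root.iter("uses-permission")}
    hits = sorted(perms & INVASIVE)
    if len(hits) >= 3:  # threshold is an assumption; tune it for your app population
        found.append("invasive permissions: " + ", ".join(hits))
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    if any(s.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
           for s in nodes("service")):
        found.append("accessibility service")
    # No LAUNCHER category means no home-screen icon; the app needs an external trigger.
    cats = {c.get(A + "name") for c in nodes("category")}
    if "android.intent.category.LAUNCHER" not in cats:
        found.append("no launcher icon")
    if any(a.get(A + "excludeFromRecents") == "true" for a in nodes("activity")):
        found.append("hidden from Recents")
    # Weak on its own: a manifest receiver plus services can implement a restart loop,
    # but receivers may also be registered at run time and never appear here.
    if nodes("receiver") and nodes("service"):
        found.append("receiver alongside services (check for restart logic)")
    return found

# Constructed sample manifest, not taken from a real SpyNote sample.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <activity android:name=".Main" android:exported="true" android:excludeFromRecents="true"/>
    <service android:name=".Acc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Restart"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Each trait also occurs in legitimate apps, so the output is a prioritisation signal for manual review rather than a verdict.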



Published on CN-SEC (CN-SEC中文网) on 2023-10-17 13:26:09.

