SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
TOP Security!
5 Aug 2016

New Trojan SpyNote installs backdoor on Android devices

A new Android Trojan called SpyNote has been identified by researchers who warn that attacks are forthcoming.

The Trojan, found by Palo Alto Networks’ Unit 42 team, has not been spotted in any active campaigns. But because the software is now widely available on the Dark Web, Unit 42 believes it will soon be used in a wave of attacks.

Unit 42 discovered the Trojan while monitoring malware discussion forums. Researchers say that is where they found a malware builder tool designed specifically to create multiple versions of the SpyNote Trojan. SpyNote, according to the Unit 42 team, has a wide range of backdoor features, including the ability to view all messages on a device, eavesdrop on phone calls, remotely activate the phone’s camera or microphone, and track the phone’s GPS location.

The APK (Android application package file) containing the remote access tool (RAT) SpyNote gives an attacker complete access to a victim’s phone. SpyNote is similar to other remote administration tools such as OmniRat and DroidJack. DroidJack made news earlier this month when researchers at Proofpoint found a rigged version of the massively popular game Pokémon Go carrying the Trojan. OmniRat is similar in function and was first spotted in Germany in November by researchers, who said targeted victims received a text message asking them to download an app to view an image.

Once installed, SpyNote is hard to get rid of, according to the Unit 42 team. The Trojan removes the SpyNote application icon from the victim’s phone, installs new APKs and updates the malware. “The SpyNote APK requires victims to accept and give SpyNote many permissions, including the ability to edit text messages, read call logs and contacts, or modify or delete the contents of the SD card,” according to a technical description of the malware by Unit 42.

Unit 42 has gleaned important details of SpyNote from what it identifies as a video demonstrating the capabilities of the malware. In the video, a hacking tutorial, a user appears to put SpyNote through its paces, showing a remote takeover of an Android device.

“The uploader might be following the instructions described in YouTube videos on using SpyNote, considering the port number used is exactly the same as in the videos and the uploader only changes the icon of the APK file,” wrote Jacob Soo of Palo Alto Networks’ Unit 42 team in the technical write-up on the malware.

Unit 42 asserts SpyNote is configured to communicate with a command and control server at an IP address over TCP, using hard-coded SERVER_IP and SERVER_PORT values. That has given researchers the ability to extract C2 information from the malware. Unlike with the closely related RATs OmniRat and DroidJack, researchers say they have not seen SpyNote in the wild, so how attackers might lure victims into downloading the Android APK is still unknown.
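As an added example (not code from Unit 42 or the original article), the following triage sketch checks a decoded APK for the permission set quoted above and pulls out hard-coded SERVER_IP and SERVER_PORT values. It assumes the manifest and string resources have already been decoded to XML text and that the two values are stored as named string resources, which the article does not specify; the mapping to Android permission names and all sample values are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the permissions the article describes to Android names.
RISKY = {
    "android.permission.WRITE_SMS": "edit text messages",
    "android.permission.READ_CALL_LOG": "read call logs",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.WRITE_EXTERNAL_STORAGE": "modify or delete SD card contents",
}
# Constructed sample input (decoded XML text), not taken from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
SAMPLE_STRINGS = """<resources>
  <string name="app_name">Constructed</string>
  <string name="SERVER_IP">203.0.113.7</string>
  <string name="SERVER_PORT">4000</string>
</resources>"""

def risky_permissions(manifest_xml):
    """Return the requested permissions that appear in RISKY, sorted."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return sorted(requested & RISKY.keys())

def extract_c2(strings_xml):
    """Return (host, port) from SERVER_IP / SERVER_PORT entries, else None."""
    values = {s.get("name"): (s.text or "").strip()
              for s in ET.fromstring(strings_xml).iter("string")}
    host, port = values.get("SERVER_IP"), values.get("SERVER_PORT")
    try:
        ipaddress.ip_address(host or "")   # article says the C2 is an IP address
        port_num = int(port or "")
    except ValueError:
        return None                         # missing or malformed: no indicator
    return (host, port_num) if 1 <= port_num <= 65535 else None

def triage(manifest_xml, strings_xml):
    """Flag for review when a hard-coded endpoint and all RISKY permissions co-occur."""
    perms, c2 = risky_permissions(manifest_xml), extract_c2(strings_xml)
    return {"permissions": perms, "c2": c2,
            "review": c2 is not None and len(perms) == len(RISKY)}
if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS))
```

An extracted endpoint can be fed to network blocklists or used to search proxy and firewall logs for devices that have contacted it.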

Tags:
Android information leaks SpyNote trojan
Source:
Threatpost