Cybercriminals are employing deceptive websites on newly registered domains to distribute AndroidOS SpyNote malware. These sites imitate the Google Chrome install page on the Google Play Store, tricking users into downloading SpyNote, a powerful Android remote access trojan. SpyNote is used for surveillance, data exfiltration, and remote control of infected devices. The investigation uncovered multiple domains, IP addresses, and APK files associated with this campaign. The malware utilizes various C2 endpoints for communication and data exfiltration, with functions designed to retrieve and manipulate device information, contacts, SMS, and applications.
Author: AlienVault
Related Tags:
SpyNote
RAT
android
AlienVault OTX
AlienVault
Phishing
Associated Indicators:


