Caught in the Act: Uncovering SpyNote in Unexpected Places

Multiple samples of SpyNote, a sophisticated Android spyware, were discovered in open directories, disguised as legitimate apps such as Google Translate, Temp Mail, and Deutsche Postbank. The malware abuses accessibility services and device administrator privileges to steal sensitive information from infected devices. Samples were found on various servers, including AWS and SonderCloud Limited, each with different command and control (C2) infrastructure. The discovery highlights the ongoing threat of SpyNote, especially after its source code leak in late 2022, and emphasizes the importance of proactive threat detection and analysis.

Author: AlienVault

Related Tags: c2 infrastructure, accessibility services, device administrator, open directories, data exfiltration, SpyNote, Germany, spyware, Finance

Associated Indicators (file hashes):
- 5B9BFA06D05172F61D1EE19724FCD12CEC110353
- 3AAD911B21907053A69B49086A6396C50714ACCB
- DC9A821F1E061098188503DBF7518BF263334FCD
- B2124D1BA4377ED283FC261FE14A3D49