Hackers used a malicious Android app built with the SpyNote tool to carry out highly targeted attacks. The threat analysis was conducted by CYFIRMA. The targets could be valuable assets that are potentially of interest to APT (advanced persistent threat) groups.
The malware was distributed via WhatsApp under the guise of files with names such as "Best Friend", "Friend", etc. After installation, the app ran in the background and concealed its presence. It gained access to geolocation, contacts, SMS, camera and other device data.
SpyNote allows attackers to intercept calls, collect system information, take screenshots and copy user data. All collected data was transmitted to the command-and-control server. The tool is also used by the hacker groups OilRig (APT34) and APT-C-37 for espionage and data theft.
Overall, the tool is a serious threat, as it remains available on underground forums and Telegram channels. Attacks using SpyNote show that attackers prefer proven tools for compromising important targets.