Hackers used a malicious Android app built with the SpyNote tool in highly targeted attacks. The threat analysis was conducted by CYFIRMA. The targets may be high-value assets of potential interest to APT groups (advanced threat actors).
The malware was distributed via WhatsApp, disguised as files named "Best Friend", "Friend", etc. After installation, the app ran in the background and concealed its presence. It gained access to geolocation, contacts, SMS, the camera and other device data.
SpyNote allows attackers to intercept calls, collect system information, take screenshots and copy user data. All collected data was transmitted to the attackers' command-and-control server. The tool is also used by the hacker groups OilRig (APT34) and APT-C-37 for espionage and data theft.
Overall, the tool is a serious threat, as it remains available on underground forums and Telegram channels. Attacks using SpyNote show that attackers prefer proven means to compromise important targets.