Hackers used a malicious Android app created using the SpyNote tool for high-precision attacks. The threat analysis was conducted by CYFIRMA. The targets could be valuable assets that are potentially of interest to APT groups (advanced threat actors).
The malware was distributed via WhatsApp under the guise of files with the names «Best Friend», «Friend», etc. After installation, the app ran in the background, masking its presence. It gained access to geolocation, contacts, SMS, camera and other device data.
SpyNote allows attackers to intercept calls, collect system information, take screenshots and copy user data. All collected data was transmitted to the management server. This tool is also used by hacker groups OilRig (APT34) and APT-C-37 for espionage and data theft.
Overall, the tool is a serious threat, as it remains available on underground forums and Telegram channels. Attacks using SpyNote show that attackers prefer proven means to compromise important targets.
< img src = "/uploads/blogs/5E/1b/ib-fqfpsUpd5_efc527b.jpg" Alt = "wi-fi is always side by side: Top-8 ideal…
< IMG SRC = "/Uploads/Blogs/89/C6/IB-FQF5MMBL4_26152cc6.jpg" Alt = "The production of chips in the United States…
< Img src = "/uploads/blogs/29/43/ib-Fqfunhg5h_5237c6fc6fc.jpg" Alt = "& quot; quot; the smartest shi & quot;…
< img src = "/uploads/blogs/60/65/ib-FQG3GQRGV_046E4.jpg" Alt = "iPhone users are advised not to update to…
The Vatican publishes a new message. < img src = "https://zycie.news/crrops/2ba248/620x0/1/0/2022/05/11/rokh6xosypkDyjti5dhcenaffrxu195j9zviiii2s.png" alt = "Pope Franciszek/Screen…
< img src = "/uploads/blogs/f8/4f/ib-1ikpu8nf3_45ce7efa.jpg" Alt = "Dubai and Ilon Musk trigger an underground transport…