A new version of the SpyNote spyware is able to target banking apps and use advanced capabilities like keylogging to steal usernames and passwords for bank accounts, social media and more.
As noted by researchers at ThreatFabric, the new spyware is part of the SpyNote family, which are Trojan horse programs able to turn on a device's camera to take pictures and videos, steal personal locations through GPS information, steal user information for social media platforms, steal bank account information through keylogging and even stealing two-factor verification through the Google Authenticator app.
This new version, known as CypherRat, has been active since 2021. Its code was leaked to the net back in October and since then, experts have been able to track a sharp rise in cyberattacks using it.
What makes this spyware so sophisticated is that it is able to essentially impersonate apps from well-known established banks, such as HSBC (which is active in Israel) and Deutsche Bank. What's even worse is that it can also impersonate other well-known and commonly used apps like Facebook, WhatsApp and even Google Play.
In other words, it can disguise itself as any legitimate app.
These fake apps are distributed through third-party sites and landing pages in a sophisticated phishing scheme, tricking the unsuspecting victims into downloading apps that seem legitimate, reeling them into this malicious trap.
"SpyNote is a very well-known tool in the Android world in recent years, and many cyber attackers use it to bring malware into a legitimate app, creating a new one that lets them have full access to the device."Sahar Avitan
How can you keep yourself safe from SpyNote spyware?
"SpyNote is a very well-known tool in the Android world in recent years, and many cyber attackers use it to bring malware into a legitimate app, creating a new one that lets them have full access to the device," Kayran CEO Sahar Avitan told Walla.
However, "Most high-quality antiviruses on the market today can spot the signatures of SpyNote to help protect your device from it," Avitan reassured.
He also recommended double-checking the source you're using to download to avoid downloading malware.
If you aren't sure if the site is safe or not, Avitan said to only use the official Google Play Store app – and only the one that came pre-installed on your phone.
But as noted by cyberintelligence researcher Tom Malka, the current wave of SpyNote cyberattacks are very sophisticated, even using a Google ads advertising campaign to promote their malicious sites.
But SpyNote can still leave traces that will identify it as spyware by antivirus programs. For that reason, Malkia suggests installing some, like MalwareBytes, Norton or Kaspersky, on your smartphone and periodically scanning it to make sure no malicious spyware has nested itself there.