Jan 30, 2023 | Cybersecurity

The Nasty Android Malware Designed to Steal Your Bank Details


Be warned! A powerful and potent form of Android malware known as the SpyNote family or ‘SpyMax’ is on the prowl, with a mission to steal your bank details and password, as well as your social media pages.

The malware has been around since 2021, but several variants have since been created and identified as having Remote Access Trojan (RAT) capabilities, which are used to steal victims’ credentials for financial gain. The latest version of the spyware has been openly directed at banking apps.

Since its source code was made available to cyber criminals in 2021, reports of CypherRat attacks have skyrocketed as criminals attempt to infiltrate your bank account. CypherRat typically masquerades as a legitimate banking app, such as those of HSBC and Deutsche Bank, as part of a phishing attack, drawing unwitting users into downloading fake versions that install straight onto their Android devices.

To steal your banking credentials, the app presents a bogus login page that looks identical to your bank’s login and uses a keylogger to track the usernames and passwords entered.

After installation, the malicious software gains control over the device, enabling it to track your SMS messages and calls, create video and audio recordings, track the location of the device and use the Accessibility service (A11y) to extract MFA codes from Google Authenticator.

Unfortunately, after installation, the malware gains device administration privileges, making it difficult for users to uninstall.

The malware has also been identified as ‘CypherRat’ masquerading as other popular applications such as WhatsApp, Facebook and Google Play.

Be sure to protect yourself from falling foul of SpyNote and its variants! Only download applications from official sources, such as the Google Play Store or your bank’s official website, and regularly run a virus removal tool on all of your devices.
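One way to check a device for the combination described above (an app from outside an official store that holds Accessibility or device administration rights), as an added example that is not part of the original post. The package names and sample outputs are constructed; the inputs are assumed to be text captured with the adb commands named in the comments, and the layout of the `dumpsys` section varies between Android versions.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; adjust as needed

# Constructed sample input, shaped like the output of:
#   adb shell pm list packages -3 -i            (third-party apps + installer)
#   adb shell settings get secure enabled_accessibility_services
#   adb shell dumpsys device_policy             ("Enabled Device Admins" part)
PM_OUTPUT = """\
package:com.constructed.bankupdate  installer=null
package:com.constructed.notes  installer=com.android.vending
package:com.constructed.flashlight  installer=null
"""
A11Y_SETTING = ("com.constructed.bankupdate/.KeyService:"
                "com.google.android.marvin.talkback/.TalkBackService:"
                "com.constructed.notes/.ReaderService")
ADMIN_SECTION = """\
Enabled Device Admins (User 0, provisioningState: 3):
  com.constructed.bankupdate/.AdminReceiver:
    uid=10234
"""

def parse_installers(pm_output):
    """Map third-party package name -> installer package (or 'null')."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)
    return dict(pairs)

def component_packages(text):
    """Package part of every 'package/Class' component name in text."""
    return set(re.findall(r"([A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)+)/[\w.$]+", text))

def flag_risky(pm_output, a11y_setting, admin_section):
    """Third-party apps from untrusted installers holding powerful rights."""
    installers = parse_installers(pm_output)
    held = {"accessibility": component_packages(a11y_setting),
            "device_admin": component_packages(admin_section)}
    findings = []
    for pkg, installer in sorted(installers.items()):
        rights = [name for name, pkgs in held.items() if pkg in pkgs]
        if rights and installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, installer, rights))
    return findings

if __name__ == "__main__":
    for pkg, installer, rights in flag_risky(PM_OUTPUT, A11Y_SETTING, ADMIN_SECTION):
        print(f"REVIEW {pkg}: installer={installer}, holds {', '.join(rights)}")
```

Preinstalled accessibility services such as TalkBack are skipped because the `-3` listing contains only third-party packages; a flagged entry is a prompt for manual review, not proof of infection.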

We recommend Fortinet’s FortiGuard Advanced Malware Protection. You can find out more about FortiGate in a previous blog here.

