Wednesday, May 7, 2025

Spynote Android Malware Targeting Financial Institutions to Steal Sensitive Information


Since October 2022, a new version of the Android malware known as SpyNote (aka SpyMax) has been targeting financial institutions in order to steal information. Notably, this new version combines the characteristics of spyware and banking trojans.

ThreatFabric recently reported that it has become common for attackers to use Android spyware to gain access to sensitive data, commit fraud, and steal personal information from their victims.

After the developer of the spyware made the source code public, the number of users increased; previously, the spyware had been sold to other actors.


SpyNote Targeting Financial Institutions

This has facilitated the development and distribution of spyware by other actors, who often target banks as well. The malware impersonates a number of notable institutions, including those listed below:

  • Deutsche Bank
  • HSBC U.K.
  • Kotak Mahindra Bank
  • Nubank

SpyNote's capabilities also allow it to install and uninstall any application on the device or even execute arbitrary code.

Additionally, it requests access to accessibility services in a manner similar to other banking malware. This is done in order to carry out the following illicit activities:-

Moreover, SpyNote provides a wide range of password-theft features, including for Facebook and Google accounts, as well as the ability to capture screen content by taking screenshots through Android’s MediaProjection API.

Capabilities of SpyNote

The key capabilities of SpyNote are listed below:

  • Phishing
  • Smishing
  • SMS collection
  • Contact Collection
  • Call list
  • Capture Screen
  • Key logger
  • 2FA Grabber
  • hRAT
  • Prevent Uninstall (ally)
  • AV evasion

Besides masquerading as an official Google Play Store service, it has also been found masquerading as a generic application. Listed below are a few SpyNote artifacts that are commonly delivered through smishing:

  • Bank of America Confirmation (yps.eton.application)
  • BurlaNubank (com.appser.verapp)
  • Conversations_ (com.appser.verapp)
  • Current Activity (com.willme.topactivity)
  • Deutsche Bank Mobile (com.reporting.efficiency)
  • HSBC UK Mobile Banking (com.employ.mb)
  • Kotak Bank (splash.app.main)
  • Virtual SimCard (cobi0jbpm.apvy8vjjvpser.verapchvvhbjbjq)
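
A defender can triage a device against the artifact list above and the accessibility-service abuse described earlier. The following is an added example, not code from ThreatFabric or this article: it parses the output of `adb shell pm list packages` and `adb shell settings get secure enabled_accessibility_services`; the sample device output and the `ExampleService` name are constructed. Package names are trivial for an actor to change, so a clean result does not rule out infection.

```python
# Package names copied from the article's artifact list (name -> lure shown to the user).
SPYNOTE_PACKAGES = {
    "yps.eton.application": "Bank of America Confirmation",
    "com.appser.verapp": "BurlaNubank / Conversations_",
    "com.willme.topactivity": "Current Activity",
    "com.reporting.efficiency": "Deutsche Bank Mobile",
    "com.employ.mb": "HSBC UK Mobile Banking",
    "splash.app.main": "Kotak Bank",
    "cobi0jbpm.apvy8vjjvpser.verapchvvhbjbjq": "Virtual SimCard",
}

def parse_pm_list(text):
    """Parse `pm list packages` output: 'package:<name>' or, with -f, 'package:<apk>=<name>'."""
    pkgs = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            pkgs.add(line[len("package:"):].rsplit("=", 1)[-1])
    return pkgs

def parse_accessibility(value):
    """Parse the colon-separated 'package/service' list; the setting reads 'null' when unset."""
    value = value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def triage(pm_output, a11y_value):
    """Return listed packages found on the device, flagging any with accessibility enabled."""
    installed = parse_pm_list(pm_output)
    a11y = parse_accessibility(a11y_value)
    return [
        {"package": p, "lure": SPYNOTE_PACKAGES[p], "accessibility_enabled": p in a11y}
        for p in sorted(installed & set(SPYNOTE_PACKAGES))
    ]

# Constructed sample device output, for illustration only.
SAMPLE_PM = """package:com.android.chrome
package:/data/app/base.apk=com.employ.mb
package:splash.app.main
"""
SAMPLE_A11Y = ("com.employ.mb/com.employ.mb.ExampleService:"
               "com.google.android.marvin.talkback/.TalkBackService")

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_A11Y):
        print(finding)
```

A match with `accessibility_enabled` set is the higher-priority finding, since that permission is what the malware requests to carry out its on-device activity.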

It is estimated that between August 2021 and October 2022, SpyNote.C was purchased by 87 different buyers after it was advertised through a Telegram channel called CypherRat by the developer of the program.

However, since CypherRat became open-source in October 2022, the number of samples detected in the wild has increased dramatically. It has been suggested that some criminal groups are using the malware to co-opt the programmer to further their own criminal agendas.

ThreatFabric has since remarked that the actual author has begun work on CraxsRat, a similar spyware application that will be offered as a paid service.

There are always new and innovative threats being presented to mobile users as Android Spyware evolves and becomes increasingly prevalent in the Android ecosystem.

In addition to monitoring the mobile threat landscape, ThreatFabric’s researchers follow the activities of various actors and campaigns to ensure that they are always up to date and help users in mitigating such scenarios.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
