Saturday, March 2, 2024

Hackers Use SMS Alerts to Install SpyNote Malware

Reports indicate that a Smishing campaign was conducted against Japanese Android users under the name of a Japanese Power and Water Infrastructure company. The SMS contains a link to lure victims into a phishing site.

Once the victims click on the link, mobile malware is downloaded, which was discovered to be the SpyNote malware.

The SMS alerts the users about payment problems in the water or power infrastructure to create a sense of urgency and push them to act swiftly.

Smishing Campaign

The smishing campaigns have a different context for users, including suspension of power transmission due to non-payment and suspension notice of water supply due to non-payment.

Suspension notice of Power Transmission (Source:
Suspension of Water Supply (Source:

Victims who visit these malicious URLs are prompted to install the SpyNote malware.

SpyNote Malware

The source code of SpyNote was leaked in October 2022, after which it spread wide across cybercriminals and is being used for malicious purposes. SpyNote is capable of exploiting accessibility services and device administrator privileges.

It can also steal device location, contacts, SMS messages, and phone calls. Once the malware is installed, it appears with a legitimate app icon to look real.

When the victims open the application, it prompts them to enable the Accessibility feature.

If the victim grants permission, the application disables battery optimization, which allows it to run in the background, and also grants unknown source installation permission for installing another malware without the user’s knowledge or consent, read the McAfee blog post.

This malware was previously found to be attacking the Bank of Japan in April, in which the malware was distributed in a different method.

Threat actors keep up-to-date information about companies with legitimate reasons to contact their customers.

Indicators of Compromise

Command and Control Server

  • 104.233[.]210.35:27772

Malware Samples

SHA256 Hash 

Smishing is one of the social engineering attacks used by threat actors to attack individuals who use SMS for communication. Users of mobile devices are recommended to keep an eye out for these kinds of Smishing campaigns and be vigilant.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


Latest articles

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...

CWE Version 4.14 Released: What’s New!

The Common Weakness Enumeration (CWE) project, a cornerstone in the cybersecurity landscape, has unveiled...

RisePro Stealer Attacks Windows Users Steals Sensitive Data

A new wave of cyber threats has emerged as the RisePro information stealer targets...

Golden Corral Restaurant Chain Hacked: 180,000+ Users’ Data Stolen

The Golden Corral Corporation, a popular American restaurant chain, has suffered a significant data...

CISA Warns Of Hackers Exploiting Multiple Flaws In Ivanti VPN

Threat actors target and abuse VPN flaws because VPNs are often used to secure...

BEAST AI Jailbreak Language Models Within 1 Minute With High Accuracy

Malicious hackers sometimes jailbreak language models (LMs) to exploit bugs in the systems so...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles