Thursday, June 20, 2024

Hackers Use SMS Alerts to Install SpyNote Malware

Reports indicate that a smishing campaign targeted Japanese Android users while impersonating a Japanese power and water infrastructure company. The SMS contains a link that lures victims to a phishing site.

Once the victims click on the link, mobile malware is downloaded, which was identified as the SpyNote malware.

The SMS alerts the users about payment problems in the water or power infrastructure to create a sense of urgency and push them to act swiftly.

Smishing Campaign

The smishing messages use different pretexts, including a suspension of power transmission due to non-payment and a suspension notice for water supply due to non-payment.

[Figure: Suspension notice of Power Transmission]
[Figure: Suspension of Water Supply]

Victims who visit these malicious URLs are prompted to install the SpyNote malware.

SpyNote Malware

The source code of SpyNote was leaked in October 2022, after which it spread widely among cybercriminals and is being used for malicious purposes. SpyNote is capable of abusing accessibility services and device administrator privileges.

It can also steal device location, contacts, SMS messages, and phone calls. Once the malware is installed, it uses a legitimate-looking app icon to appear genuine.

When the victims open the application, it prompts them to enable the Accessibility feature.

If the victim grants permission, the application disables battery optimization, which allows it to run in the background, and also grants itself permission to install apps from unknown sources so that it can install further malware without the user's knowledge or consent, according to the McAfee blog post.
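As an added defender-side example (not code from the article or from McAfee), the following Python triage helper parses constructed adb output in the shape of `settings get secure enabled_accessibility_services`, `dumpsys deviceidle whitelist` and `appops get <pkg> REQUEST_INSTALL_PACKAGES` (the exact output formats are assumed, and all package names are hypothetical) and flags packages holding the same combination of grants the article describes: an enabled accessibility service, a battery-optimization exemption and permission to install unknown apps.

```python
"""Flag Android packages that hold the grant combination SpyNote abuses:
accessibility service + battery-optimization exemption + install unknown apps."""
import re

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# (colon-separated package/service pairs); package names are hypothetical.
ACCESSIBILITY_RAW = (
    "com.android.talkback/.TalkBackService:"
    "com.example.utilitynotice/.core.AccService"
)
# Constructed sample of `adb shell dumpsys deviceidle whitelist` (type,package,uid).
DEVICEIDLE_RAW = """system-excidle,com.android.providers.downloads,10011
user,com.example.utilitynotice,10234
user,com.example.messaging,10150
"""
# Constructed samples of `adb shell appops get <pkg> REQUEST_INSTALL_PACKAGES`.
INSTALL_APPOPS_RAW = {
    "com.example.utilitynotice": "REQUEST_INSTALL_PACKAGES: allow; time=+2h3m ago",
    "com.example.messaging": "No operations.",
}

def parse_accessibility(raw):
    """Packages that currently have an enabled accessibility service."""
    return {entry.split("/")[0] for entry in raw.split(":") if "/" in entry}

def parse_deviceidle(raw):
    """Packages exempted from battery optimization at the user's (or app's) request."""
    pkgs = set()
    for line in raw.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3 and parts[0] == "user":  # ignore system-granted exemptions
            pkgs.add(parts[1])
    return pkgs

def parse_install_appops(raw_by_pkg):
    """Packages allowed to install apps from unknown sources."""
    return {pkg for pkg, out in raw_by_pkg.items()
            if re.search(r"REQUEST_INSTALL_PACKAGES:\s*allow", out)}

def triage(acc_raw, idle_raw, appops_raw):
    """Return {package: [indicators]} for accessibility-holding packages with >= 2 indicators."""
    indicators = {
        "accessibility": parse_accessibility(acc_raw),
        "battery_opt_exempt": parse_deviceidle(idle_raw),
        "install_unknown_apps": parse_install_appops(appops_raw),
    }
    findings = {}
    for pkg in indicators["accessibility"]:
        hits = sorted(name for name, pkgs in indicators.items() if pkg in pkgs)
        if len(hits) >= 2:
            findings[pkg] = hits
    return findings

if __name__ == "__main__":
    print(triage(ACCESSIBILITY_RAW, DEVICEIDLE_RAW, INSTALL_APPOPS_RAW))
```

On a real device, feed the script the live output of the three adb commands instead of the constructed samples; a legitimate accessibility app such as a screen reader rarely needs the other two grants, so packages holding all three deserve a closer look.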

This malware was previously found attacking the Bank of Japan in April, when it was distributed by a different method.

Threat actors keep up-to-date information about companies with legitimate reasons to contact their customers.

Indicators of Compromise

Command and Control Server

  • 104.233[.]210.35:27772

Malware Samples

SHA256 Hash 

Smishing is a social engineering attack that threat actors use against individuals who rely on SMS for communication. Mobile device users are advised to watch out for smishing campaigns of this kind and remain vigilant.


Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.