A new version of the spyware SpyNote targets banking applications, and uses advanced capabilities such as copying codes and keylogging to steal usernames and passwords for bank accounts, social media, and more.
According to security researchers at ThreatFabric, the new spyware belongs to the SpyNote family, a Trojan horse with advanced capabilities: it can activate the device's camera to take photos and videos, steal details such as location through the GPS component and network tracking, steal user information from social networks like Facebook, steal usernames and passwords for apps and banking sites by tracking typing, and even steal one-time two-step verification codes from the Google Authenticator app.
The new version, called CypherRat, has been active since 2021. Its code was leaked online last October, and since then researchers have detected a significant increase in attacks based on it.
The sophisticated part of the new spyware is that it pretends to be an application from well-known banks such as Deutsche Bank or HSBC (the latter is also active in Israel) and, worse, well-known applications such as WhatsApp, Facebook or even the application of the Google app store, Google Play.
It should be noted that it is able to impersonate any legitimate application.
The fake versions of the known apps are distributed in a rather sophisticated manner through third-party websites and landing pages, and through phishing lures that lead victims to download and install the apps directly from websites that appear to be legitimate. Many fall into the trap and install an app that looks innocent but contains the spyware inside.
"SpyNote has been a very well-known tool in the Android world in recent years, and many attackers use it to 'inject' malicious code into a legitimate application and thus create a new application that allows full access to the device," explains Sahar Avitan, CEO and owner of the Kieran company, in a conversation with "Walla! Technology".
"Most of the high-quality antiviruses on the market today will be able to identify the signatures that SpyNote leaves behind and protect the device from it," reassures Avitan.
He also recommends always checking the source from which you are about to download the application, and making sure that you do want to download content from there.
If you're not sure, Sahar recommends looking for the app you want in the official Google Play Store only (the one that came already installed with your smartphone), and downloading only from there.
In this context, cyber intelligence researcher Tom Malka tells us that it is important to take care that the application does not ask us to change settings on the phone in order to install it, and especially not to approve installation from external sources, which would allow the dangerous spyware to penetrate your phone.
Malka also notes the sophistication of the operators of the current wave of SpyNote-based attacks, who even used a Google ads advertising campaign to promote their trap sites.
The good thing is, as mentioned, that SpyNote leaves behind traces that anti-virus programs are able to detect, and Malka recommends installing anti-virus software on the smartphone and performing a periodic scan, to make sure we have not been infected.