Hackers and thieves are always looking for new ways to spread their payloads and get their target. Earlier this month, Unit 42 of Palo Alto Networks discovered a brand new threat while trolling through malware discussion forums.
Dubbed SpyNote, this little nasty is a R.A.T (Remote Administration Tool) with a laundry list of backdoor features. SpyNote allows an attacker to do anything they want with your device. A few of the more popular features are:
- No root access required
- Install new APKs and update the malware
- Copy files from device to computer
- View all messages on the device
- Listen to calls made on the device
- List all the contacts on the device
- Listen live or record audio from the device’s microphone
- Gain control of the camera on the device
- Get IMEI number, Wi-Fi MAC address, and cellphone carrier details
- Get the device’s last GPS location
- Make calls on the device
This certainly isn’t the first tool like this that has been seen, a few months ago we covered Dendroid which creates similar payloads and packages them inside any APK. While the malicious app does need user granted permissions to work, wrapping the application in another APK proves to be a successful method of distribution.
Droidjack proved this earlier this month when an infected version of Pokémon Go circulated the web. As of now, SpyNote has not been seen in the wild, but researchers are convinced its only a matter of time.
Source Link: ThreatPost