Hackers and thieves are always looking for new ways to spread their payloads and reach their targets. Earlier this month, Unit 42 of Palo Alto Networks discovered a brand new threat while trawling through malware discussion forums.
Dubbed SpyNote, this little nasty is a RAT (Remote Administration Tool) with a laundry list of backdoor features. SpyNote allows an attacker to do anything they want with your device. A few of the more popular features are:
No root access required
Install new APKs and update the malware
Copy files from device to computer
View all messages on the device
Listen to calls made on the device
List all the contacts on the device
Listen live or record audio from the device’s microphone
Gain control of the camera on the device
Get IMEI number, Wi-Fi MAC address, and cellphone carrier details
Get the device’s last GPS location
Make calls on the device
This certainly isn’t the first tool of its kind. A few months ago we covered Dendroid, which creates similar payloads and packages them inside any APK. While the malicious app does need user-granted permissions to work, wrapping the application in another APK proves to be a successful method of distribution.
Droidjack proved this earlier this month when an infected version of Pokémon Go circulated the web. As of now, SpyNote has not been seen in the wild, but researchers are convinced it’s only a matter of time.
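Because a wrapped app still has to request permissions, a repackaged APK tends to ask for far more than the original app needs. The following is an added example, not code from Unit 42 or from the article: it audits a decoded AndroidManifest.xml (for instance, the text form produced by apktool) against the feature list above. The capability-to-permission mapping, the threshold and the sample manifests are assumptions constructed for illustration, not taken from a SpyNote sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the article's feature list to the stock Android
# permissions that gate each capability (not taken from a SpyNote sample).
CAPABILITY_PERMISSIONS = {
    "install or update APKs": {"REQUEST_INSTALL_PACKAGES", "INSTALL_PACKAGES"},
    "copy files": {"READ_EXTERNAL_STORAGE"},
    "view messages": {"READ_SMS", "RECEIVE_SMS"},
    "listen to calls": {"PROCESS_OUTGOING_CALLS", "READ_CALL_LOG"},
    "list contacts": {"READ_CONTACTS"},
    "microphone": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
    "device identifiers": {"READ_PHONE_STATE", "ACCESS_WIFI_STATE"},
    "GPS location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "make calls": {"CALL_PHONE"},
}

def requested_permissions(manifest_xml):
    """Return short permission names from a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name.rsplit(".", 1)[-1])
    return names

def audit(manifest_xml, threshold=5):
    """Flag a manifest whose permissions cover many listed capabilities.
    The threshold of 5 is an arbitrary triage value chosen for this example."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & gate)
            for cap, gate in CAPABILITY_PERMISSIONS.items() if perms & gate}
    return {"capabilities": hits, "flagged": len(hits) >= threshold}

def _manifest(perms):  # builds a constructed sample manifest
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.game">{body}</manifest>')

# Constructed samples: a plain game, and the same game with extra permissions.
CLEAN = _manifest(["INTERNET", "ACCESS_FINE_LOCATION", "CAMERA"])
REPACKAGED = _manifest(["INTERNET", "ACCESS_FINE_LOCATION", "CAMERA", "READ_SMS",
                        "RECORD_AUDIO", "READ_CONTACTS", "CALL_PHONE", "READ_PHONE_STATE"])

if __name__ == "__main__":
    for label, xml in (("clean", CLEAN), ("repackaged", REPACKAGED)):
        print(label, audit(xml))
```

A flag here is a triage signal only: plenty of legitimate apps request several of these permissions, so the useful comparison is against the permissions of the genuine release of the same app.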
Carl is an Android enthusiast who got his start with an HTC Hero. Quickly tiring of not being able to change certain things about the device, he sought out the means to do what he wanted: enter XDA Developers. After spending immense amounts of time on the forums learning, building and sharing, Carl decided to pursue higher education to increase his understanding and focus on a direction in the mobile world. Primarily focusing on security and privacy, Carl intends to gain his CEH and reverse engineer malware.