Digital Creations LLC
Digital Creations LLC

Blog details

16 Oct

Oct 16, 2023NewsroomMalware / Mobile Security

SpyNote Android Trojan

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features.

Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure.

Besides requesting invasive permissions to access call logs, camera, SMS messages, and external storage, SpyNote is known for hiding its presence from the Android home screen and the Recents screen in a bid to make it difficult to avoid detection.


“The SpyNote malware app can be launched via an external trigger,” F-Secure researcher Amit Tambe said in an analysis published last week. “Upon receiving the intent, the malware app launches the main activity.”

But most importantly, it seeks accessibility permissions, subsequently leveraging it to grant itself additional permissions to record audio and phone calls, log keystrokes, as well as capture screenshots of the phone via the MediaProjection API.

A closer examination of the malware has revealed the presence of what are called diehard services that aim to resist attempts, either made by the victims or by the operating system, at terminating it.

SpyNote Android Trojan

This is accomplished by registering a broadcast receiver that’s designed to restart it automatically whenever it is about to be shut down. What’s more, users who attempt to uninstall the malicious app by navigating to Settings are prevented from doing so by closing the menu screen via its abuse of the accessibility APIs.

“The SpyNote sample is spyware that logs and steals a variety of information, including key strokes, call logs, information on installed applications, and so on,” Tambe said. “It stays hidden on the victim’s device making it challenging to notice. It also makes uninstallation extremely tricky.”


“The victim is eventually left only with the option of performing a factory reset, losing all data, thereby, in the process.”

The disclosure comes as the Finnish cybersecurity firm detailed a bogus Android app that masquerades as an operating system update to entice targets into granting it accessibility services permissions and exfiltrate SMS and bank data.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Digital Creations is an IT company providing solutions for businesses to accomplish their goals currently and in the future.

Contact Info

Follow Us

Cart(0 items)

No products in the cart.

Select the fields to be shown. Others will be hidden. Drag and drop to rearrange the order.
  • Image
  • SKU
  • Rating
  • Price
  • Stock
  • Availability
  • Add to cart
  • Description
  • Content
  • Weight
  • Dimensions
  • Additional information
Click outside to hide the comparison bar