Technology Tips

January 07, 2023

Android Malware Targets Financial Institutions

Written By Securafy Team

Since October 2022, a new kind of malware has been targeting financial institutions. A widespread and powerful type of Android malware has turned its focus to online banking apps, employing keylogging capabilities to steal passwords and usernames for bank accounts, social networking accounts, and other accounts stored in your Android device.

Researchers at the cybersecurity firm ThreatFabric have described the virus that belongs to the SpyNote family as a type of trojan spyware that has been active since 2016 and allows cybercriminals to monitor and alter users' activities on Android smartphones without being detected.

The newest SpyNote edition, marketed to online criminals as CypherRat, has been operational since late 2021. However, after the source code was published online in October 2022, researchers saw a sharp increase in CypherRat samples and campaigns.

Some famous institutions impersonated by this ransomware include HSBC U.K., Deutsche Bank, Kotak Mahindra Bank, and Nubank.

The feature-rich SpyNote malware can install arbitrary apps, collect SMS messages, calls, videos, and audio recordings, monitor GPS positions, and even prevent attempts to delete the app.

Additionally, it mimics the behavior of other banking malware by requesting access to services in order to extract two-factor authentication (2FA) tokens from Google Authenticator. The malware also records keystrokes in order to steal banking credentials.

The most recent version of SpyNote, known as SpyNote.C, also includes features for stealing Facebook and Gmail passwords and capturing screen information using Android's MediaProjection API. Experts say this is the first variant to affect banking applications and other well-known apps like Facebook and WhatsApp.

SpyNote.C has also been known to impersonate the official Google Play Store service and other generic programs covering the wallpaper, productivity, and gaming categories.

According to estimates, between August 2021 and October 2022, 87 unique consumers bought SpyNote.C after its developer, CypherRat, promoted it through a Telegram channel. However, a dramatic rise in the number of samples was seen when CypherRat became open source in October 2022, indicating that other criminal organizations are using the malware for their operations.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.