SpyNote (Malware Family)

SpyNote

aka: CypherRat

Actor(s): OilRig

According to Cleafy, SpyNote abuses Accessibility services and other Android permissions in order to: Collect SMS messages and contacts list; Record audio and screen; Perform keylogging activities; Bypass 2FA; Track GPS locations.

References

2024-11-21 ⋅ Intrinsec ⋅ CTI Intrinsec, Intrinsec
PROSPERO & Proton66: Uncovering the links between bulletproof networks
Coper SpyNote FAKEUPDATES GootLoader EugenLoader

2024-11-20 ⋅ Intrinsec ⋅ Equipe CTI
PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks
Coper SpyNote FAKEUPDATES GootLoader EugenLoader IcedID Matanbuchus Nokoyawa Ransomware Pikabot

2024-10-08 ⋅ Hunt.io ⋅ Hunt.io
Inside a Cybercriminal’s Server: DDoS Tools, Spyware APKs, and Phishing Pages
SpyNote

2024-06-26 ⋅ Group-IB ⋅ Group-IB
Craxs Rat, the master tool behind fake app scams and banking fraud
CraxsRAT SpyMax SpyNote

2024-06-20 ⋅ Hunt.io ⋅ Michael R
Caught in the Act: Uncovering SpyNote in Unexpected Places
SpyNote

2024-02-19 ⋅ Fortinet ⋅ Axelle Apvrille
Android/SpyNote bypasses Restricted Settings + breaks many RE tools
SpyNote

2024-02-15 ⋅ Fortinet ⋅ Axelle Apvrille
Android/SpyNote Moves to Crypto Currencies
SpyNote

2023-07-31 ⋅ Cleafy ⋅ Francesco Iubatti
SpyNote continues to attack financial institutions
SpyNote

2023-05-10 ⋅ K7 Security ⋅ Baran S
spynote
SpyNote

2023-01-05 ⋅ Bleeping Computer ⋅ Bill Toulas
SpyNote Android malware infections surge after source code leak
SpyNote

2023-01-05 ⋅ ThreatFabric ⋅ ThreatFabric
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
SpyMax SpyNote

2022-12-06 ⋅ ⋅ 360 Threat Intelligence Center ⋅ 360 Beacon Lab
Analysis of suspected APT-C-56 (Transparent Tribe) attacks against terrorism
AhMyth Meterpreter SpyNote AsyncRAT

2022-08-17 ⋅ ⋅ 360 ⋅ 360 Threat Intelligence Center
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East
SpyNote Loda Nanocore RAT NjRAT

2022-08-10 ⋅ K7 Security ⋅ Baran S
spynote
SpyNote

2021-09-21 ⋅ civilsphereproject ⋅ civilsphereproject
Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN
SpyNote

2021-04-21 ⋅ Facebook ⋅ David Agranovich, Mike Dvilyanski
Taking Action Against Hackers in Palestine
SpyNote Houdini NjRAT

2020-12-10 ⋅ Intel 471 ⋅ Intel 471
No pandas, just people: The current state of China’s cybercrime underground
Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT

2020-12-01 ⋅ Qianxin ⋅ Qi Anxin Threat Intelligence Center
Blade Eagle Group - Targeted attack group activities circling the Middle East and West Asia's cyberspace revealed
SpyNote BladeHawk

2020-07-15 ⋅ Relativity ⋅ Bartlomiej Czyż
An in-depth analysis of SpyNote remote access trojan
SpyNote

2020-03-31 ⋅ Volexity ⋅ Volexity Threat Research
Storm Cloud Unleashed: Tibetan Focus of Highly Targeted Fake Flash Campaign
SpyNote Stitch Godlike12 Storm Cloud

2019-04-30 ⋅ ClearSky ⋅ ClearSky Cyber Security
Raw Threat Intelligence 2019-04-30: Oilrig data dump link analysis
SpyNote OopsIE

There is no Yara-Signature yet.

SpyNote Propose Change

References

SpyNote