Caught in the Act: Uncovering SpyNote in Unexpected Places
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Multiple samples of SpyNote, a sophisticated Android spyware, were discovered in open directories, disguised as legitimate apps like Google Translate, Temp Mail, and Deutsche Postbank. The malware exploits accessibility services and device administrator privileges to steal sensitive information from infected devices. Samples were found on various servers, including AWS and SonderCloud Limited, with different command and control (C2) infrastructures. The discovery highlights the ongoing threat of SpyNote, especially after its source code leak in late 2022, and emphasizes the importance of proactive threat detection and analysis.
OPENCTI LABELS:
data exfiltration, spyware, android, spynote, c2 infrastructure, open directories, accessibility services, device administrator, malicious apps