Operators of the SpyNote Android banking trojan have updated the payload to impersonate legitimate cryptocurrency wallets and facilitate cryptocurrency exfiltration, which represents a significant shift from the malware's prior focus on account credentials, according to Hackread.
Widely used cryptocurrency wallets have been targeted by SpyNote through the exploitation of the Accessibility API that would then facilitate automated form completion and cryptocurrency transfers to the account of the attackers, a report from Fortinet FortiGuard Labs showed. Anti-analysis features have also been integrated into the app, which was targeted at individuals using banking apps and mobile cryptocurrency wallets. The findings have prompted researchers to urge increased vigilance toward apps seeking Accessibility API requests. Such a development comes months after SpyNote, which was originally aimed at users of APK apps, was reported by the Cleafy Threat Intelligence Team to have been used in social engineering attacks against European financial entities that lured targets into downloading a fraudulent banking app.
Widely used cryptocurrency wallets have been targeted by SpyNote through the exploitation of the Accessibility API that would then facilitate automated form completion and cryptocurrency transfers to the account of the attackers, a report from Fortinet FortiGuard Labs showed. Anti-analysis features have also been integrated into the app, which was targeted at individuals using banking apps and mobile cryptocurrency wallets. The findings have prompted researchers to urge increased vigilance toward apps seeking Accessibility API requests. Such a development comes months after SpyNote, which was originally aimed at users of APK apps, was reported by the Cleafy Threat Intelligence Team to have been used in social engineering attacks against European financial entities that lured targets into downloading a fraudulent banking app.
