Phishing, Malware

Bogus Google Play pages tapped for SpyNote malware distribution

Apps submitted to Google Play are now reviewed by &#8216;experts&#8217;

Android remote access trojan SpyNote has been deployed through fraudulent Google Play websites on newly registered domains as part of a new attack campaign, reports Infosecurity Magazine.

Suspected China-linked threat actors have created seemingly legitimate Google Play listings for TikTok and other widely used apps that facilitate malicious APK file downloads upon clicking the fake "Install" button, findings from DomainTools showed. Installation of the APK prompts the delivery of another APK, which results in the execution of SpyNote that features text message, call log, and contact intercepting, remote camera and microphone activating, GPS tracking, keystroke logging, and phone call recording capabilities. Aside from allowing the installation of more malicious apps, SpyNote also exploits accessibility services for persistence, according to DomainTools researchers. Such a development comes after SpyNote which was previously linked to the APT-C-37 and APT34, or OilRig, advanced persistent threat operations was leveraged in cyberespionage attacks against the Indian military.

Related

Novel tactic ensures stealthy Atlas Lion attacks

Moroccan cybercrime operation Atlas Lion which sets its sights on major retailers, restaurants, and other gift card-giving organizations has been integrating their virtual machines into targeted entities' cloud domains via breached credentials to facilitate covert intrusions, according to The Record, a news site by cybersecurity firm Recorded Future.

Lovable AI most likely to be harnessed in phishing

Lovable AI most likely to be harnessed in phishing App building generative artificial intelligence platform Lovable was significantly more vulnerable to being jailbroken to facilitate phishing campaigns, compared with Anthropic's Claude and OpenAI's ChatGPT large language models, having scored the lowest on VibeScamming tests, according to The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds