A cybersecurity company F-Secure has published a new report on harmful spyware dubbed as Spynote app. The report notes that the new spyware spreads via smishing which urges users to install the app on their smartphone using the provided link. When the user clicks on the links, the app gets downloaded to the smartphone. Considering that the app is not listed on the Google Play Store, it doesn’t come under the Google Play protection radar.
SpyNote Can Grant Multiple Permission Itself for Recording Audio, Logging Keystrokes, And Taking Screenshots.
The app is also not easy to trace when installed on our smartphone, as the app launcher doesn’t display the same upon installation. However, when you head to Phone Settings’s App menu it shows that the app is installed successfully. Additionally, the app is also not displayed when a user opens the recently used apps menu.
As per the report, there are several ways that such hidden apps can be launched. The attacker can send a command via SMS, which is then received by the spyware app which then can unhide the icon. The other way the app can get launched is by upon receiving an external trigger or receiving a broadcast for an outgoing phone call which may trigger the app.
Once the app is launched, it then it asks for permission. Once the permission is granted, the app grants multiple permissions itself for recording audio and phone calls, logging keystrokes, and taking screenshots. The app can steal a variety of information such as key strokes, call logs, and other information of installed applications.
The folks at F-Secure also found services dubbed as the “diehard services” in the app which is designed to make it tough to uninstall the app both by user and Android system itself. The only way the app can be uninstalled is by performing a factory reset which no doubt will cause loss of data.
In order to stay safe from such spyware, users are always advised to install the apps from the Google Play Store. Also, it is worth noting that users stay cautious when they are installing third-party apps from any provided links via an unknown number via SMS.
