The notorious SpyNote malware is making a comeback thanks to a novel campaign. This remote access trojan has many malicious features and is also quite challenging to remove from an infected Android smartphone.
According to security researchers, this time it is being spread through fake websites hosted on recently registered domains; the sites in question imitate Google Play Store app pages with incredibly accurate detail in order to deceive users into downloading infected files rather than the apps they’re looking for.
The fraudulent sites include comprehensive details such as image carousels with screenshots of the supposed programs in issue, install buttons, and code traces, all of which are common visual aspects used to create an illusion of legitimacy.
When a user clicks on the install button on one of these fake sites, JavaScript code is run, resulting in the download of a malicious APK file. This dropper APK calls a function to launch a second, embedded APK. This secondary payload contains the malware’s basic functionality and allows it to communicate with the threat actors’ co
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: