Malware News New SpyNote Android RAT Leaks Online

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
The builder for a new type of Android remote access trojan (RAT) has recently leaked on malware discussion forums, and security vendors expect this new malware to start infecting users in the immediate future.

Palo Alto Networks experts say that this new RAT, nicknamed SpyNote, is similar, feature-wise, to other well-known Android RATs such as OmniRat and DroidJack.

Based on the features they've discovered, Palo Alto says that SpyNote allows attackers a wide range of intrusive actions.

SpyNote features a big feature set
This includes the ability to update itself, download and install new apps, view SMS messages, listen to calls, make calls, retrieve the contact list, and get technical details such as the device's IMEI number, Wi-Fi MAC address, and cell-phone carrier details.

Additionally, the RAT allows crooks to get the phone's last GPS location, listen or record audio via the device's microphone, or even access the video camera in real-time.

All of these were possible without SpyNote having to gain root access on the device, albeit, the app in which the RAT was hidden, would ask for a large number of permissions, raising suspicions for attentive users.

No root access required
Currently at version 2, SpyNote features a builder that will allow crooks to create their own version of the RAT, which will communicate with custom C&C servers configured during the building process.

It is unknown if the RAT will be available as an open tool, or as a paid-for malware on underground hacking forums. Common sense would dictate that its authors would opt for the second option, but with the builder leaked, they might have a hard time monetizing their malware.

Below is a video presentation of SpyNote features, along with an image of the control panel the crooks would use to control infected devices.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top