A new smishing campaign is targeting Japanese Android users with an updated version of the SpyNote malware, according to researchers at McAfee.
In June, attackers impersonated a power and water infrastructure company, sending SMS alerts about payment issues to lure victims onto a rogue website where they were infected with the remote-controlled SpyNote malware. This spyware exploits accessibility services and device administrator privileges, enabling it to steal sensitive user information, including device location, contacts, SMS messages, and phone calls.
The malware disguises itself as the Tokyo Waterworks Bureau and TEPCO Power Transmission to deceive users. SpyNote is commonly distributed through smishing attacks and phishing websites, using legitimate app icons to appear authentic.
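For defenders triaging a sideloaded APK, the combination described above (an accessibility service, a device administrator receiver, and access to location, contacts, SMS and call data) can be read straight from the decoded manifest. The following is an added example, not code from McAfee or from this article; the sample manifest and package name are constructed, and the "review" threshold is an assumed triage heuristic rather than a published detection rule.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
# Permissions covering the data types the article lists as stolen.
DATA_PERMS = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.READ_CALL_LOG": "calls",
}

# Constructed manifest with a hypothetical package name; not from a real sample.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.billing.notice">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return which control surfaces and data permissions a manifest declares."""
    # ElementTree is fine for this inline sample; use a hardened parser
    # (for example defusedxml) on manifests from untrusted APKs.
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Components the system binds to carry the BIND_* permission on the element.
    bound = {e.get(ANDROID + "permission")
             for tag in ("service", "receiver") for e in root.iter(tag)}
    data = sorted(label for perm, label in DATA_PERMS.items() if perm in requested)
    result = {
        "package": root.get("package"),
        "accessibility_service": ACCESSIBILITY in bound,
        "device_admin": DEVICE_ADMIN in bound,
        "data_access": data,
    }
    # Assumed heuristic: both control surfaces plus two or more data types.
    result["review"] = (result["accessibility_service"]
                        and result["device_admin"] and len(data) >= 2)
    return result
```

A legitimate accessibility tool that requests none of the data permissions is not flagged, which keeps the check focused on the combination rather than on any single permission.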
A previous version of SpyNote targeted financial institutions, including the Bank of Japan in April 2023. The spyware’s capabilities allow hackers to track user activities, steal personal and financial data, and remotely control devices. Discovered in 2016, the malware has evolved over the years and remains a significant threat to Android users.
During the last quarter of 2022, ThreatFabric noticed a substantial increase in samples from the SpyNote malware family, indicating its growing prevalence. ThreatFabric researchers also detected a new variant called SpyNote.C, which specifically targets banking apps, social networking apps, and legitimate services such as the U.S. Postal Service and financial institution HSBC. Research from Capterra found that bogus package delivery scams were the second most common type of SMS phishing scam in 2022, ranking just behind banking schemes.
This alarming trend emphasizes the importance of heightened vigilance and robust cybersecurity measures to protect Japanese Android users from these malicious attacks.