216.73.217.139

Caught in the Act: Uncovering SpyNote in Unexpected Places

· Published 20/06/2025 19:26 · Modified 23/06/2025 23:15

Export JSON

Essential information

Published
20/06/2025 19:26
Modified
23/06/2025 23:15
Tags
2025-06-20 accessibility services android c2 infrastructure data exfiltration device administrator malicious apps open directories spynote spyware
Related entities
2 observables, 2 others

Description

Multiple samples of , a sophisticated , were discovered in , disguised as legitimate apps like Google Translate, Temp Mail, and Deutsche Postbank. The malware exploits and privileges to steal sensitive information from infected devices. Samples were found on various servers, including AWS and SonderCloud Limited, with different command and control (C2) infrastructures. The discovery highlights the ongoing threat of , especially after its source code leak in late 2022, and emphasizes the importance of proactive threat detection and analysis.

External references