This Android malware is spreading like wildfire after going open source – how to stay safe
We could potentially see even more malicious apps spreading Android malware than we did last year now that the source code of a popular malware strain has been posted online.
During the final quarter of 2022, there was a significant increase in detections of the SpyNote or SpyMax Android malware family. This was attributed to the fact that the creator of CypherRat – which is based on SpyNote – posted the malware strain’s source code on GitHub.
What makes CypherRat particularly dangerous is that it combines SpyNote’s spying capabilities (which include remote access, GPS tracking and device status and activity updates) with features found in banking trojans used to impersonate popular banks and steal users’ account credentials, according to BleepingComputer (opens in new tab).
Although CypherRat was initially sold through private Telegram channels between August of 2021 and October of 2022, its creator eventually decided to make the malware open source after other cybercriminals impersonated the project on hacking forums.
Custom CypherRat variants
With the source code to CypherRat in hand, cybercriminals began launching their own campaigns using the malware. Shortly after the malware’s source code was published on GitHub, custom variants of CypherRat began to appear online impersonating Bank of America, HSBC, Deutsche Bank and other popular banks.
However, other cybercriminals used CypherRat’s source code to target a wider audience by creating fake versions of popular apps including the Google Play Store, WhatsApp and Facebook.
In a blog post (opens in new tab) detailing its investigation into the matter, ThreatFabric revealed that it had also observed attackers creating malicious apps impersonating utilities like wallpaper and productivity apps as well as gaming apps.
Now that CypherRat’s source code is out in the open, we’ll likely see other malicious apps being used to infect the best Android phones and tablets with this powerful malware.
Abusing accessibility features to spy on users
Just like with other malware strains, CypherRat and other SpyNote variants leverage Android’s built-in Accessibility Service to install new apps, intercept text messages to bypass two-factor authentication (2FA), listen in on calls and record video and audio on infected devices.
In addition to this, SpyNote can be used to steal Facebook and Google account credentials, record and send videos from an infected device to an attacker-controlled server, extract codes from Google Authenticator and log key presses to steal banking credentials.
While CypherRat is mainly being used as a banking trojan at the moment, it could also be used as spyware due to its ability to record video, take pictures and capture keystrokes.
How to stay safe from Android malware
SpyNote, CypherRat and other Android malware is mainly spread through phishing sites, third-party app stores and social media. This is why you need to be extremely careful when clicking on links and attachments in emails, messages or even social media posts.
However, the easiest way to stay safe from Android malware is to avoid sideloading apps despite how tempting doing so may be. Instead, you want to only download apps from official app stores like the Google Play Store, Samsung Galaxy Store and the Amazon Appstore.
Even then, bad apps do manage to slip through Google and other tech giants’ defenses which is why you should ensure that Google Play Protect is enabled and running on all of your Android devices. It continually scans your existing apps as well as any new ones you download for malware. For additional protection though, you may also want to consider installing one of the best Android antivirus apps.
Another thing to watch out for is apps requesting Accessibility permissions after installation. While some legitimate apps do need these permissions in order to work properly, you need to be extra cautious when granting these kinds of permissions. You also want to look at reviews and ratings before installing any new app, and it’s a good idea to look for external reviews (preferably video reviews) so that you can ensure an app really does what its listing page says.
Android malware and malicious apps used to spread malware were a huge problem last year, but with CypherRat’s source code being readily available online, 2023 may be an even worse year for Android security.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
