A new and powerful form of Android malware has reportedly been discovered that is targeting online banking applications.

The malware, detailed by researchers at cybersecurity company ThreatFabric, is part of the SpyNote family and can steal usernames and passwords for bank accounts, social media profiles, and more.

The newest SpyNote variant is currently the most active form of malware. The variant has reportedly been used to target high-profile individuals and organizations and has been particularly effective in stealing sensitive information.

Moreover, the malware can avoid detection by security software by constantly changing its code, making it one of the most sophisticated and dangerous pieces of malware currently in circulation.

"The volume of samples that we see, which is in the order of hundreds per week since October 2022, indicates that actors are finding some success in this operation," said Lasha Khasaia, Android malware reverse engineer at ThreatFabric, as reported by ZDNet.

How does it work?

SpyNote malware is often unknowingly downloaded by victims through fake applications that are distributed via phishing campaigns. These apps are designed to look like legitimate versions of popular apps, tricking the victim into downloading them.

The malware specifically targets online banking applications and financial details, posing as legitimate banking apps including HSBC, Deutsche Bank, Kotak Bank, and BurlaNubank.

Other popular Android apps like WhatsApp, Facebook, and Google Play have also been targeted.

The app containing the malware is designed to steal personal information and send it to the attackers' command-and-control (C2) server. It can record video and take pictures using the device's camera, track the device's GPS location, and steal social media credentials (Facebook and Google).

It also uses keylogging to extract codes from Google Authenticator and steal banking credentials, as noted by the researchers at ThreatFabric.

What to do next?

If you download a fake app that is infected by malware, there are a few things you can do to mitigate the damage:

1. Immediately uninstall the app
2. Delete any files associated with the app
3. Scan your device for malware
4. Change any passwords that may have been compromised
5. Inform your friends and family about the fake app
6. Stay vigilant in the future and only download apps from trusted sources
