Android malware SpyNote targets Japanese users under the guise of utility providers
Never before have utility bills been so painful.
The attackers sent out SMS messages in the name of electricity and water suppliers, warning recipients of alleged debts for these services. The messages contained links to phishing sites, where victims were asked to enter personal data and pay non-existent debts. The same sites also delivered malware, disguised as the official application of a local service provider, to the devices of Japanese users.
One supplier whose good name was misused was TEPCO, which provides electricity services in Japan. The sudden request to install an application on a smartphone apparently did not arouse suspicion among the victims, since they knew this company well and trusted it.
The operation ran for a suspiciously short time, from June 7 to 9, 2023, but managed to affect thousands of users throughout Japan.
The SpyNote Trojan that infected victims' devices is already-known spyware that lets an attacker remotely control a smartphone and gain access to the owner's personal data. It steals contacts, SMS messages, call logs, location and other sensitive information.
In addition to spying, SpyNote also steals two-factor authentication data from Google Authenticator, Gmail and social network account passwords. Attackers from different countries have actively used this Trojan in their campaigns throughout 2023, in particular for attacks on financial institutions.
Once launched, SpyNote disguises its icons as legitimate applications, then opens a fake settings screen and asks the victim to grant it access to the device's accessibility features. This allows the malware to disable battery optimization and run continuously in the background.
The Trojan also automatically enables the installation of applications from unknown sources, which lets it freely download additional malware. This tactic allows the attacker to bypass the victim's vigilance and gain extended rights on the target device.
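The three settings described above (accessibility access, a battery-optimization exemption, permission to install unknown apps) can be checked together on a device under review. The following is an added example, not code from McAfee or from the original article: it parses the text output of `adb shell settings get secure enabled_accessibility_services`, `adb shell dumpsys deviceidle whitelist`, `adb shell appops query-op REQUEST_INSTALL_PACKAGES allow` and `adb shell pm list packages -i`. The output formats are assumptions that can vary between Android versions, and the sample data and the package name `jp.example.billing` are constructed.

```python
import re

PLAY = "com.android.vending"  # installer package name of Google Play

def accessibility_pkgs(raw):
    """Colon-separated 'package/service' components; 'null' when none are enabled."""
    raw = raw.strip()
    if raw in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in raw.split(":") if c}

def battery_exempt_pkgs(raw):
    """Assumed line format 'type,package,uid'; keep user-granted exemptions only."""
    rows = (line.strip().split(",") for line in raw.splitlines())
    return {r[1] for r in rows if len(r) == 3 and r[0] == "user"}

def line_set(raw):
    """One package name per line."""
    return {line.strip() for line in raw.splitlines() if line.strip()}

def installers(raw):
    """Assumed line format 'package:<name>  installer=<installer or null>'."""
    return dict(re.findall(r"package:(\S+)\s+installer=(\S+)", raw))

def triage(acc, idle, unknown_src, pm_list):
    """Return apps not installed by Google Play that hold two or more of the settings."""
    signals = {
        "accessibility service enabled": accessibility_pkgs(acc),
        "battery optimization exemption": battery_exempt_pkgs(idle),
        "may install unknown apps": line_set(unknown_src),
    }
    findings = []
    for pkg, installer in installers(pm_list).items():
        if installer == PLAY:
            continue
        hits = [name for name, pkgs in signals.items() if pkg in pkgs]
        if len(hits) >= 2:
            findings.append((pkg, installer, hits))
    return sorted(findings)

# Constructed sample outputs, not taken from a real device.
ACC = "com.google.android.marvin.talkback/.TalkBackService:jp.example.billing/jp.example.billing.Svc"
IDLE = "system,com.google.android.gms,10120\nuser,jp.example.billing,10233\n"
UNKNOWN = "jp.example.billing\ncom.android.chrome\n"
PM = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
      "package:jp.example.billing  installer=null\n"
      "package:com.android.chrome  installer=com.android.vending\n")

if __name__ == "__main__":
    for pkg, installer, hits in triage(ACC, IDLE, UNKNOWN, PM):
        print(pkg, "installer=" + installer, hits)
```

Preinstalled system apps can also report `installer=null`, so each finding is a lead to review against the list of apps the user knowingly installed, not a verdict.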
McAfee experts warn that Android users should be especially careful when receiving suspicious SMS messages, even if they appear to be from utility providers and other government entities.
A sudden download of APK files from suspicious sites is also a good indicator that attackers are trying to target you. A legitimate institution, if there is such a need, will redirect you to the official Google Play store to install the app from there. And even when downloading from official sources, you must first read the reviews and check the publisher's page, because cybercriminals, if they really want to, can fake those too.