We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

SpyNote Spyware Targets European Bank Users

SpyNote Spyware Targets European Bank Users
Author Image Zane Kennedy
Zane Kennedy Published on 7th August 2023 Cybersecurity Researcher

In a wave of cyber attacks that have sent shockwaves through the European banking sector, users of multiple financial institutions have fallen victim to the insidious SpyNote Android spyware. The notorious malware, traditionally known for espionage and data collection, has recently been repurposed by hackers to execute bank fraud on a massive scale.

Cleafy Threat Intelligence Team first detected the aggressive campaign on users of financial institutions in June and July of this year. SpyNote, also known as SpyMax, leverages social engineering and Android's accessibility permissions to exploit users and gain control over their devices.

The attack chain typically commences with a deceptive smishing campaign. Unsuspecting victims receive fake SMS messages enticing them to install a new certified banking app. Once the user clicks on the accompanying link, they are redirected to the legitimate TeamViewer QuickSupport app on the Google Play Store for “technical support”. This app is then exploited by the hackers to gain remote access to the user’s device for the purpose of installing SpyNote.

With full control established, SpyNote springs into action, capturing sensitive data through various means. The malware employs keylogging techniques to record user activities, collects SMS messages, gain access to GPS locations, and more. Of particular concern is the malware's capability to intercept two-factor authentication (2FA) codes, effectively bypassing the security measures implemented by banks.

SpyNote utilizes defense evasion techniques, such as code obfuscation and anti-emulator controls, complicate analysis. Additionally, the malware conceals its presence on the infected devices by hiding its application icon and preventing manual removal via settings.

The aggressive nature of the SpyNote campaign raises severe concerns for European banking customers. The malware's dual functionality as spyware and a tool for bank fraud make it a potent threat, capable of inflicting severe financial losses and privacy violations.

Cleafy warns that threat actors will likely continue exploiting SpyNote's multiple functionalities in future attacks. As such, financial institutions and users must remain vigilant against phishing attacks and proactively update their security measures to defend against these evolving threats.

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.