Android/SpyNote Moves to Crypto Currencies
released on 2024-02-26 @ 10:08:53 AM
A new variant of the Android/SpyNote remote access trojan has been observed targeting cryptocurrency wallets through the use of the Android Accessibility API. The malware displays overlays on top of legitimate wallet apps to trick users into entering wallet details and approval for transactions, allowing the malware operators to steal funds. The malware also uses anti-analysis techniques such as intentionally malformatted APK files to evade detection.