Pierluigi Paganini July 31, 2016

Palo Alto Networks recently discovered a Remote Access Trojan dubbed SpyNote that is
free available allowing anyone to launch attacks in the wild.

I love when the sale happens in malls. People just rush and want to get good things for cheap prices. And who doesn’t love something free?

The spyware and malware market is highly lucrative when it comes to sale [on the black and grey market]. And there is similar rush there as well during the sale. But the recently freely available SpyNote spyware has got every cyber criminal running for a piece of the action. Experts from Palo Alto Networks recently discovered a RAT (Remote Access Trojan) offered for free called Spynote, much like OmniRat and DroidJack .

“Our team recently discovered a new Android Trojan called SpyNote which facilitates remote spying. The builder, which creates new versions of the malware, recently leaked on several malware discussion forums. SpyNote is similar to OmniRat and DroidJack, which are RATs (remote administration tools) that allow malware owners to gain remote administrative control of an Android device.” states a blog post published by PaloAlto Networks.

Let’s look at some of the functionalities of this potent Android Trojan.

• It doesn’t require root access.
• Listen to calls.
• Steals contact and message data.
• Records audio via the phone microphone.
• Make rogue calls.
• Install rogue applications.
• Get IMEI number, Wi-Fi MAC address, and cellphone carrier details.
• Get the device’s last GPS location.
• Control camera.

Amazing list of malicious uses and its available for free. Yes, it’s free.

This is the reason why many security researchers are worried that it will soon be a big problem as many less proficient cybercriminals [*cough *cough script kiddies] will be using it extensively.

Also, people with ill intents may also install the Trojan manually for spying purposes.

SpyNote does not require root access to a device but it prompt users for a long list of permissions on installation.

It’s not clear yet how authors plan to distribute the RAT to the victims, though attacks have not been seen yet, but researchers believe that since the SpyNote builder is available for free customized versions of its APK will soon be distributed via third party websites near you.

But Android users should be worried as newer versions of our loveable Android have features like Verify Apps and SafetyNet  which may block such malware packages from getting installed.

Moral of the story, don’t install applications from third-party stores as even Google Play sometimes is unable to keep malicious applications at bay itself.