#spynote found ->hxxps://www.virustotal.com/gui/file/a1de866d5f75b3f31becb07f4660e2a3cc29d242888be38fadb5a54657156745

#opendir

⚠️Watch out fake AV websites sharing malware

#Spynote (for android)
/avast-securedownload.com Avast

#Lumma Stealer
/bitdefender-app.com Bitdefender

#StealC (via Buer Loader?)
/malwarebytes.pro Malwarebytes

samples and detonations below 👀

suspicious #opendir with #spynote in there?
#apk

#AsyncRAT server distributing #SpyNote a.k.a. #CypherRat
hxxp://31.172.83.170/apks/
[+]more info: bleepingcomputer.com/news/security/…

⚠️ #SpyNote Android RAT dirigido a Chile 🇨🇱 y suplantando a Banco Estado y Banco Santander.

Para infectar a sus víctimas, el atacante realiza campañas de #phishing a través de la técnica conocida como BITB (Browser In The Browser). Ref: mrd0x.com/browser-in-the…

69.197.134.103…

Android में #SpyNote नाम के मालवेयर ने एंट्री मारी है. जो सिस्टम अपडेट या ऐप अपडेट के नाम पर यूजर्स को लुभाता है. लिंक पर क्लिक करते ही कॉल लॉग से लेकर SMS, कैमरा और स्टोरेज का एक्सेस हासिल कर लेता है.

पूरी खबर: thelallantop.com/technology/pos…

This is a type of craxs rat( #spynote ) malware. Since A101 is a Turkish🇹🇷 market chain, the target is Turkish citizens.

🆕 Fresh #opendir : 161.35.124[.71

💻Client.exe - #quasar / botnet #office04 :
🔗 tria.ge/231201-mj55jah…

💻winapi.exe / ai.exe / netexe.jpg - #PowerShell (Base64 + Raw Inflate)
📡 C2: 65.0.50[.125:22355

📱ready.apk - #spynote
📡C2: 193.161.193[.99:20590

Some active C2 panels of Spynote botnet:

http://104[.]233[.]210[.]35/
https://warwickyouth[.]com/
https://csx22[.]top/
https://malai01.dorila[.]top/
https://lapassover[.]site/
https://video01.dorila[.]top/
https://heishitanfan[.]online/
http://104.225.158.203.16clouds[.]com/…

📲 Google_Translate.apk - #SpyNote Malware

📂 #opendir : 62.217.183[.163

🎛️ C2: 159.100.9[.47:8080

#android 🤖

#android #spynote
hxxps://45.130.151.211/
🤔MalwareHunterTeam

🚨 Our technical analysis on SpyNote, a formerly Android Spyware recently adopted to perform bank frauds via Account Takeover attacks (ATO) and on-device fraud (ODF) against customers of several European banks.

Full report: cleafy.com/cleafy-labs/sp…

#android #botnet #cleafy

¿Te preocupa tu privacidad?

Siempre debes tener cuidado con lo que descargas en tu smartphone.

SpyNote es una muestra.

Se trata de un troyano para Android que puede grabar tus conversaciones y más.

🧵🖱️

#Spynote
chromeupdatetools[.]online
IP: 68.67.203[.]208

downloaded file: chrome-update.apk >
virustotal.com/gui/file/c278b…

We've updated the vx-underground malware sample collection

- Arechclient2
- CobaltStrike
- Emotet
- IcedId
- LockBitRansomware
- NetSupportRAT
- NSIS
- Paradies
- PoweRAT
- QakBot
- RedCap
- RedLine
- RoyalRansomware
- SpyNote
- Xdr33

Check it out here: vx-underground.org

#Android #Trojan #Malware
MalwareHunterTeam Axelle Ap. @cryptax @mastodon.social
Cyber_OSINT 💥 𝕭𝖑4𝖈𝖐𝖍0𝖑3𝖟 👾
JAMESWT Mikhail Kasimov
#SpyNote
From: https://www.lovefox[.]me/download/hitalk.apk
C2: http://43.133.46[.]128:7771/

Take a note of SpyNote! blog.f-secure.com/take-a-note-of… #Pentesting #CyberSecurity #Infosec

⚠️fake Android App [Rapport ラポート] #SpyNote #trojan

IP: 194.124.216[.]154 (AS3214 xTom)
Abused Brand: Bank of Japan 日本銀行
IoC: otx.alienvault.com/pulse/6440223b…

🦠/skin/client/signed10317c.apk
bazaar.abuse.ch/sample/7c4fdf5…
bazaar.abuse.ch/sample/841271e…
Naomi Suzuki moto_sato bunny

🇮🇹 Campagna #SpyNote mascherata da App #INPS Mobile

🦠 #SpyNote è noto per le sue capacità invasive

ℹ️ Approfondimenti e 💣 #IoC 👇

🔗 cert-agid.gov.it/news/rilevata-…

Zscaler researchers show how a threat actor created malicious Skype, Google Meet and Zoom websites to spread SpyNote RAT to Android users and NjRAT & DCRat to Windows users. zscaler.com/blogs/security…