Researchers from the DomainTools Investigations (DTI) community have identified a dozen new .TOP domains used to distribute the SpyNote Android Trojan. The sites they found imitate Google Play Store pages for downloading various applications.
The fakes are designed in English or Chinese. The code of the sites and of the malware itself contains comments in Chinese. The fake pages contain a carousel of images that, when clicked, download an APK to the visitor's device - a dropper that drops SpyNote. When installed, the malware requests many permissions that it needs to steal data (geolocation, contacts, call log, SMS, files), turn on the camera and microphone, manipulate calls and execute commands. In May last year, SpyNote was distributed under the guise of an antivirus from a fake Avast website. Disguising mobile malware as a legitimate application is a common practice in the world of cybercrime. Spyware distributors BadBazaar and Moonshine, for example, have created more than 100 trojanized clones of popular Android apps over the past two years. @ Anti-Malware


