The How To Guide was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on The How To Guide are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

SpyNote Spyware Targets European Bank Users

Zane Kennedy, Former Cybersecurity Researcher. First published on August 07, 2023.

In a wave of cyber attacks that have sent shockwaves through the European banking sector, users of multiple financial institutions have fallen victim to the insidious SpyNote Android spyware. The notorious malware, traditionally known for espionage and data collection, has recently been repurposed by hackers to execute bank fraud on a massive scale.

The Cleafy Threat Intelligence Team first detected the aggressive campaign against users of financial institutions in June and July of this year. SpyNote, also known as SpyMax, leverages social engineering and Android's accessibility permissions to exploit users and gain control over their devices.

The attack chain typically commences with a deceptive smishing campaign. Unsuspecting victims receive fake SMS messages enticing them to install a new certified banking app. Once the user clicks on the accompanying link, they are redirected to the legitimate TeamViewer QuickSupport app on the Google Play Store for “technical support”. This app is then exploited by the hackers to gain remote access to the user’s device for the purpose of installing SpyNote.

With full control established, SpyNote springs into action, capturing sensitive data through various means. The malware employs keylogging techniques to record user activities, collects SMS messages, gains access to GPS locations, and more. Of particular concern is the malware's capability to intercept two-factor authentication (2FA) codes, effectively bypassing the security measures implemented by banks.

SpyNote utilizes defense evasion techniques, such as code obfuscation and anti-emulator controls, to complicate analysis. Additionally, the malware conceals its presence on infected devices by hiding its application icon and preventing manual removal via settings.
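For defenders, the traits described above (an enabled accessibility service, SMS and location access, a hidden icon) can be combined into a simple device triage check. The following is an added example, not code from Cleafy or from this article; the inventory record layout and all package names are hypothetical, and the sample data is constructed.

```python
# Added triage example; the inventory below is constructed, not real device data.
# Assumed input: one record per third-party app, gathered by an MDM agent or adb.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
LOCATION_PERM = "android.permission.ACCESS_FINE_LOCATION"
PLAY_STORE = "com.android.vending"


def parse_accessibility(setting):
    """Packages named in the colon-separated 'pkg/service' list that Android
    stores in the secure setting enabled_accessibility_services."""
    return {item.split("/", 1)[0] for item in setting.split(":") if "/" in item}


def triage(apps, accessibility_setting):
    """Return (package, reasons) for apps combining an enabled accessibility
    service with at least one other trait the article attributes to SpyNote."""
    a11y = parse_accessibility(accessibility_setting)
    findings = []
    for app in apps:
        if app["package"] not in a11y:
            continue
        reasons = ["accessibility service enabled"]
        if SMS_PERMS & set(app["permissions"]):
            reasons.append("can read SMS (2FA codes)")
        if LOCATION_PERM in app["permissions"]:
            reasons.append("can read GPS location")
        if not app["has_launcher_icon"]:
            reasons.append("no launcher icon")
        if app["installer"] != PLAY_STORE:
            reasons.append("installed outside Google Play")
        if len(reasons) > 1:
            findings.append((app["package"], reasons))
    return sorted(findings, key=lambda f: len(f[1]), reverse=True)


# Constructed sample data (hypothetical package names).
SAMPLE_SETTING = ("com.example.screenreader/.ReaderService:"
                  "com.example.bankupdate/com.example.bankupdate.CoreService")
SAMPLE_APPS = [
    {"package": "com.example.screenreader", "installer": PLAY_STORE,
     "has_launcher_icon": True, "permissions": []},
    {"package": "com.example.bankupdate", "installer": None,
     "has_launcher_icon": False,
     "permissions": ["android.permission.RECEIVE_SMS", LOCATION_PERM]},
    {"package": "com.example.notes", "installer": None,
     "has_launcher_icon": True, "permissions": ["android.permission.READ_SMS"]},
]

if __name__ == "__main__":
    for package, reasons in triage(SAMPLE_APPS, SAMPLE_SETTING):
        print(package, "->", "; ".join(reasons))
```

A legitimate accessibility app from Google Play with no other traits is not flagged, which keeps the check from alerting on every screen reader or password manager.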

The aggressive nature of the SpyNote campaign raises severe concerns for European banking customers. The malware's dual functionality as spyware and a tool for bank fraud makes it a potent threat, capable of inflicting severe financial losses and privacy violations.

Cleafy warns that threat actors will likely continue exploiting SpyNote's multiple functionalities in future attacks. As such, financial institutions and users must remain vigilant against phishing attacks and proactively update their security measures to defend against these evolving threats.

About the Author

Zane was a Cybersecurity Researcher and Writer at The How To Guide. His extensive experience in the tech and cybersecurity industries provided readers with accurate and trustworthy news stories and articles. He aimed to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.
