SpyNote: A banking trojan targeting bank customers in Europe

Customers of different European banks are being targeted by an Android banking trojan named SpyNote, as part of a highly aggressive campaign discovered in June and July 2023.

The spyware is distributed through phishing or smishing campaigns, and the attackers carry out fraudulent activities using remote access trojan (RAT) capabilities and vishing attacks, as explained by Italian cybersecurity firm Cleafy.

Details about SpyNote

Like other Android banking trojans, SpyNote (also known as SpyMax) requires accessibility permissions on Android, which it uses to obtain the additional permissions it needs and to gather sensitive data from infected devices.

The notable aspect of this malware is its dual capability as spyware and a tool for bank fraud.

Figure: SpyNote installation phases and permissions automatically accepted

Learning the process

  1. The attack begins with a fake SMS urging the recipient to install a banking app.
  2. Once clicked, the link redirects the victim to the genuine TeamViewer QuickSupport app on the Google Play Store.

Security researcher Francesco Iubatti revealed that “attackers impersonate bank operators and perform fraudulent transactions directly on the victim’s device using TeamViewer as a conduit for remote access and stealthy malware installation.”

The information harvested by SpyNote includes geolocation data, keystrokes, screen recordings, and SMS messages; access to SMS messages allows it to bypass SMS-based two-factor authentication.

Figure: SMS and screen recording

According to Cleafy’s analysis:

“Teamviewer has been adopted by several TAs to execute fraud operations through social engineering attacks. In particular, the attacker calls the victim, impersonating bank operators, and performs fraudulent transactions directly on the victim’s device. We have intercepted multiple samples masquerading behind various applications, such as security apps, bank names or Android updates.”

Concluding remarks

SpyNote has shown multiple functionalities and will likely be used in further phishing campaigns. Social engineering tricks are not new, but this campaign has proved to be aggressive. Our take: vigilance and an intelligent security posture that fits our needs.

Author: PureVPN

Date: August 2, 2023
