SpyNote (Malware Family) By Fraunhofer FKIE Archived: 2026-04-05 22:32:20 UTC According to Cleafy, SpyNote abuses Accessibility services and other Android permissions in order to: Collect SMS messages and contacts list; Record audio and screen; Perform keylogging activities; Bypass 2FA; Track GPS locations. 2026-01-23 ⋅ Medium Ireneusz Tarnowski ⋅ Ireneusz Tarnowski SpyNote: Comprehensive Analysis of an Android Remote Access Trojan SpyNote 2025-05-19 ⋅ cocomelonc ⋅ cocomelonc AIYA - Mobile malware development book. First edition AndroRAT Anubis CraxsRAT Dendroid FakeGram Hydra IPStorm SpyNote 2025-04-10 ⋅ DomainTools ⋅ DomainTools Newly Registered Domains Distributing SpyNote Malware SpyNote 2025-02-09 ⋅ Medium (@mvaks) ⋅ mvaks Analysis of malicious mobile applications impersonating popular Polish apps — OLX, Allegro, IKO SpyNote TrickMo 2024-11-21 ⋅ Intrinsec ⋅ CTI Intrinsec, Intrinsec PROSPERO & Proton66: Uncovering the links between bulletproof networks Coper SpyNote FAKEUPDATES GootLoader EugenLoader 2024-11-20 ⋅ Intrinsec ⋅ Equipe CTI PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks Coper SpyNote FAKEUPDATES GootLoader EugenLoader IcedID Matanbuchus Nokoyawa Ransomware Pikabot 2024-10-08 ⋅ Hunt.io ⋅ Hunt.io Inside a Cybercriminal’s Server: DDoS Tools, Spyware APKs, and Phishing Pages SpyNote 2024-06-26 ⋅ Group-IB ⋅ Group-IB Craxs Rat, the master tool behind fake app scams and banking fraud CraxsRAT SpyMax SpyNote 2024-06-20 ⋅ Hunt.io ⋅ Michael R Caught in the Act: Uncovering SpyNote in Unexpected Places SpyNote 2024-02-19 ⋅ Fortinet ⋅ Axelle Apvrille Android/SpyNote bypasses Restricted Settings + breaks many RE tools SpyNote 2024-02-15 ⋅ Fortinet ⋅ Axelle Apvrille Android/SpyNote Moves to Crypto Currencies SpyNote 2023-07-31 ⋅ Cleafy ⋅ Francesco Iubatti SpyNote continues to attack financial institutions SpyNote 2023-05-10 ⋅ K7 Security ⋅ Baran S spynote SpyNote 2023-01-05 ⋅ ThreatFabric ⋅ ThreatFabric SpyNote: Spyware with RAT capabilities targeting Financial Institutions SpyMax SpyNote 2023-01-05 ⋅ Bleeping Computer ⋅ Bill Toulas SpyNote Android malware infections surge after source code leak SpyNote 2022-12-06 ⋅ ⋅ 360 Threat Intelligence Center ⋅ 360 Beacon Lab https://malpedia.caad.fkie.fraunhofer.de/details/apk.spynote Page 1 of 2 Analysis of suspected APT-C-56 (Transparent Tribe) attacks against terrorism AhMyth Meterpreter SpyNote AsyncRAT 2022-08-17 ⋅ ⋅ 360 ⋅ 360 Threat Intelligence Center Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East SpyNote Loda Nanocore RAT NjRAT 2022-08-10 ⋅ K7 Security ⋅ Baran S spynote SpyNote 2021-09-21 ⋅ civilsphereproject ⋅ civilsphereproject Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN SpyNote 2021-04-21 ⋅ Facebook ⋅ David Agranovich, Mike Dvilyanski Taking Action Against Hackers in Palestine SpyNote Houdini NjRAT 2020-12-10 ⋅ Intel 471 ⋅ Intel 471 No pandas, just people: The current state of China’s cybercrime underground Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT 2020-12-01 ⋅ Qianxin ⋅ Qi Anxin Threat Intelligence Center Blade Eagle Group - Targeted attack group activities circling the Middle East and West Asia's cyberspace revealed SpyNote BladeHawk 2020-07-15 ⋅ Relativity ⋅ Bartlomiej Czyż An in-depth analysis of SpyNote remote access trojan SpyNote 2020-03-31 ⋅ Volexity ⋅ Volexity Threat Research Storm Cloud Unleashed: Tibetan Focus of Highly Targeted Fake Flash Campaign SpyNote Stitch Godlike12 Storm Cloud 2019-04-30 ⋅ ClearSky ⋅ ClearSky Cyber Security Raw Threat Intelligence 2019-04-30: Oilrig data dump link analysis SpyNote OopsIE There is no Yara-Signature yet. Source: https://malpedia.caad.fkie.fraunhofer.de/details/apk.spynote https://malpedia.caad.fkie.fraunhofer.de/details/apk.spynote Page 2 of 2 SpyMax SpyNote SpyNote Android 2023-01-05 malware ⋅ Bleeping Computer infections surge after ⋅ Bill Toulas source code leak SpyNote 2022-12-06 ⋅ ⋅ 360 Threat Intelligence Center ⋅ 360 Beacon Lab Page 1 of 2