blog.pradeo.com
Open in
urlscan Pro
2606:2c40::c73c:671f
Public Scan
Submitted URL: https://blog.pradeo.com/e3t/Ctc/OM+113/ch5Kr04/VVqqN-74nQ84W7tHlRW2BqB1jW7xsyK954zGyHN54gmPK3lYMRW7Y8-PT6lZ3nZN7H1c9kMLc...
Effective URL: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANq...
Submission: On October 13 via api from US — Scanned from DE
Effective URL: https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANq...
Submission: On October 13 via api from US — Scanned from DE
Form analysis
2 forms found in the DOMPOST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9
<form id="hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_2068" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9"
class="hs-form-private hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9 hs-form-caf050a8-9ff7-4223-8e7a-0bad8656b2b9 hs-form-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_a8cd271a-3c6a-4756-a5cb-562e6d215ab7 hs-form stacked"
target="target_iframe_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_2068" data-instance-id="a8cd271a-3c6a-4756-a5cb-562e6d215ab7" data-form-id="caf050a8-9ff7-4223-8e7a-0bad8656b2b9" data-portal-id="2378615">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_2068" class="" placeholder="Enter your Email"
for="email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_2068"><span>Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_2068" name="email" required="" placeholder="Enter your email here" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_blog_default_hubspot_blog_subscription hs-blog_default_hubspot_blog_subscription hs-fieldtype-radio field hs-form-field" style="display: none;"><label
id="label-blog_default_hubspot_blog_subscription-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_2068" class="" placeholder="Enter your Notification Frequency"
for="blog_default_hubspot_blog_subscription-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_2068"><span>Notification Frequency</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="blog_default_hubspot_blog_subscription" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Subscribe"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1697187331748","formDefinitionUpdatedAt":"1663853343732","renderRawHtml":"true","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36","pageTitle":"SpyNote malware now targeting banking applications","pageUrl":"https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email","pageId":"137969508747","urlParams":{"utm_medium":"email","_hsmi":"278111799","_hsenc":"p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c","utm_content":"278111799","utm_source":"hs_email"},"isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications","contentType":"blog-post","hutk":"ccbec44bbe95142ef72b535a77311e87","__hsfp":3857904254,"__hssc":"104134431.1.1697187332356","__hstc":"104134431.ccbec44bbe95142ef72b535a77311e87.1697187332356.1697187332356.1697187332356.1","formTarget":"#hs_form_target_module_159990330965303_blog_subscribe_2068","formInstanceId":"2068","pageName":"SpyNote malware now targeting banking applications","locale":"en","timestamp":1697187332378,"originalEmbedContext":{"portalId":"2378615","formId":"caf050a8-9ff7-4223-8e7a-0bad8656b2b9","region":"na1","target":"#hs_form_target_module_159990330965303_blog_subscribe_2068","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"2068","formsBaseUrl":"/_hcms/forms","css":"","inlineMessage":"<span>Thank you for subscribing! We’ll keep you posted.</span>","isMobileResponsive":true,"pageName":"SpyNote malware now targeting banking applications","pageId":"137969508747","contentType":"blog-post","formData":{"cssClass":"hs-form stacked"},"isCMSModuleEmbed":true},"correlationId":"a8cd271a-3c6a-4756-a5cb-562e6d215ab7","renderedFieldsIds":["email","blog_default_hubspot_blog_subscription"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.3938","sourceName":"forms-embed","sourceVersion":"1.3938","sourceVersionMajor":"1","sourceVersionMinor":"3938","_debug_allPageIds":{"embedContextPageId":"137969508747","analyticsPageId":"137969508747","pageContextPageId":"137969508747"},"_debug_embedLogLines":[{"clientTimestamp":1697187331869,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"SpyNote malware now targeting banking applications\",\"pageUrl\":\"https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36\",\"urlParams\":{\"utm_medium\":\"email\",\"_hsmi\":\"278111799\",\"_hsenc\":\"p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c\",\"utm_content\":\"278111799\",\"utm_source\":\"hs_email\"},\"pageId\":\"137969508747\",\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1697187331869,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1697187332373,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"ccbec44bbe95142ef72b535a77311e87\",\"canonicalUrl\":\"https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications\",\"contentType\":\"blog-post\",\"pageId\":\"137969508747\"}"}]}"><iframe
name="target_iframe_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_2068" style="display: none;"></iframe>
</form>
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9
<form id="hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_9480" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9"
class="hs-form-private hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9 hs-form-caf050a8-9ff7-4223-8e7a-0bad8656b2b9 hs-form-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_728b9890-bfa6-4606-ad9c-233ed27472f2 hs-form stacked"
target="target_iframe_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_9480" data-instance-id="728b9890-bfa6-4606-ad9c-233ed27472f2" data-form-id="caf050a8-9ff7-4223-8e7a-0bad8656b2b9" data-portal-id="2378615">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_9480" class="" placeholder="Enter your Email"
for="email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_9480"><span>Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_9480" name="email" required="" placeholder="Enter your email here" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_blog_default_hubspot_blog_subscription hs-blog_default_hubspot_blog_subscription hs-fieldtype-radio field hs-form-field" style="display: none;"><label
id="label-blog_default_hubspot_blog_subscription-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_9480" class="" placeholder="Enter your Notification Frequency"
for="blog_default_hubspot_blog_subscription-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_9480"><span>Notification Frequency</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="blog_default_hubspot_blog_subscription" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Subscribe"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1697187331744","formDefinitionUpdatedAt":"1663853343732","renderRawHtml":"true","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36","pageTitle":"SpyNote malware now targeting banking applications","pageUrl":"https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email","pageId":"137969508747","urlParams":{"utm_medium":"email","_hsmi":"278111799","_hsenc":"p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c","utm_content":"278111799","utm_source":"hs_email"},"isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications","contentType":"blog-post","hutk":"ccbec44bbe95142ef72b535a77311e87","__hsfp":3857904254,"__hssc":"104134431.1.1697187332356","__hstc":"104134431.ccbec44bbe95142ef72b535a77311e87.1697187332356.1697187332356.1697187332356.1","formTarget":"#hs_form_target_module_160104611788712_9480","formInstanceId":"9480","pageName":"SpyNote malware now targeting banking applications","locale":"en","timestamp":1697187332372,"originalEmbedContext":{"portalId":"2378615","formId":"caf050a8-9ff7-4223-8e7a-0bad8656b2b9","region":"na1","target":"#hs_form_target_module_160104611788712_9480","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"9480","formsBaseUrl":"/_hcms/forms","css":"","inlineMessage":"<p style=\"text-align: center;\">Thanks for Subscribing!</p>","isMobileResponsive":true,"pageName":"SpyNote malware now targeting banking applications","pageId":"137969508747","contentType":"blog-post","formData":{"cssClass":"hs-form stacked"},"isCMSModuleEmbed":true},"correlationId":"728b9890-bfa6-4606-ad9c-233ed27472f2","renderedFieldsIds":["email","blog_default_hubspot_blog_subscription"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.3938","sourceName":"forms-embed","sourceVersion":"1.3938","sourceVersionMajor":"1","sourceVersionMinor":"3938","_debug_allPageIds":{"embedContextPageId":"137969508747","analyticsPageId":"137969508747","pageContextPageId":"137969508747"},"_debug_embedLogLines":[{"clientTimestamp":1697187331839,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"SpyNote malware now targeting banking applications\",\"pageUrl\":\"https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications?utm_medium=email&_hsmi=278111799&_hsenc=p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c&utm_content=278111799&utm_source=hs_email\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36\",\"urlParams\":{\"utm_medium\":\"email\",\"_hsmi\":\"278111799\",\"_hsenc\":\"p2ANqtz--9WZUdFSgKqw04m3oUofpfARPvZh1aFpLO0SV_Mlxgz8f7dQb2buDAaQ3zPUgmApOcFkxyJXcM5nDYVMbPxYKYLWfAxkquB1-Z9ylu4OLRnQSC00c\",\"utm_content\":\"278111799\",\"utm_source\":\"hs_email\"},\"pageId\":\"137969508747\",\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1697187331841,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1697187332367,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"ccbec44bbe95142ef72b535a77311e87\",\"canonicalUrl\":\"https://blog.pradeo.com/spynote-malware-now-targeting-banking-applications\",\"contentType\":\"blog-post\",\"pageId\":\"137969508747\"}"}]}"><iframe
name="target_iframe_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_9480" style="display: none;"></iframe>
</form>
Text Content
This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, see our Privacy Policy. If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked. Accept Decline * Expertise * Pradeo Security Technology * Application Expertise * Data Protection Laws * Solutions PRODUCTS Mobile Threat Defense Mobile App Security Testing In-App Protection Secure Private Store Mobile Threat Intelligence BUSINESS NEEDS UEM / MDM Security BYOD security Enrich SIEM USE CASES Government Banking & Insurance Pharmaceutical Logistic Energy * Resources * Solution datasheets * Customer Case Studies * Integration datasheets * White Papers, Reports & Studies * Webinars * Marketplace * Company * About us * Our team * Awards * Jobs * Blog * Contact * en * FR * DE TOPICS * Select a Topic * All * Mobile Security * Mobile Application Security * Cybersecurity * Expertise * Security Alert * Partners * Corporate * Events * News * cyberattack * predictions STAY UP TO DATE SUBSCRIBE TO OUR BLOG STAY UP TO DATE Email* Notification Frequency Security Alert SPYNOTE MALWARE NOW TARGETING BANKING APPLICATIONS By Roxane Suau on October, 5 2023 SINCE JUNE, A SURGE OF SPYNOTE INFECTIONS TARGETING BANKING APPLICATIONS HAS BEEN REPORTED. A NEW VERSION OF THE SPYWARE DISTRIBUTED THROUGH EMAIL PHISHING OR SMISHING (BY SMS) CAMPAIGNS IS NOW SPECIFICALLY DESIGNED TO COMMIT BANKING FRAUD. SpyNote is a family of dangerous Android malware, first sold on the dark web in 2021. After the source code was leaked in 2022, multiple variants came in circulation. The latest of these variants is targeting specifically financial institutions, such as HSBC, Deutsche Bank, Kotak Bank, BurlaNubank and Bank of America. HOW SPYNOTE WORKS SpyNote is an Android spyware that abuses the accessibility services developed for people with disabilities. It detects what happens on screen and performs malicious actions accordingly. Once the application is installed and the accessibility permission is granted, the spyware uses it to accept other permissions automatically. This way, cybercriminals behind the spyware gain access to anything on the device: users’ SMS messages, call logs, contacts, GPS location, filles, photos, camera, microphone... We recently observed that a new version of SpyNote shows advanced capabilities similar to banking malware. It is set up to perform a two-step attack, in which the second step consists in stealing banking details. To do so, it accesses the list of applications installed on users’ devices and prompts them to install a fake version of the banking application they use. It then uses keylogging and 2FA grabbing techniques to steal users’ credentials. Nowadays, almost all banks use strong customer authentication to confirm a money transaction. But since hackers using SpyNote have full access over infected devices, they are capable of bypassing two-factor authentication. When the security code is generated by an authentication application or sent via SMS message or email, they intercept it. SpyNote uses different defense evasion techniques, such as obfuscation, junk code and anti-emulator controls to prevent it from being launched and analyzed within an emulator or sandbox by security analysts. When the attack is successful, stolen information is monetized on the dark web and / or is used to commit banking fraud. BANKS AND OPERATORS OF ESSENTIAL SERVICES DIRECTLY TARGETED Financial institutions have been the main target of SpyNote in the last few months, with banks being targeted in the United Kingdom, Germany, India and America. Additionally, hackers also focus on essential services operators. Recently, Japanese users were targeted with a SpyNote attack posing as power or water suppliers. Using vital organisations creates a sense of urgency for the victim and makes them more susceptible to act immediately. In addition to pirates, who obviously risk prosecution, in the future this could also be the case for companies whose apps are counterfeited. The European NIS2 directive, which goes into effect in 2024, stipulates that mobile applications and services must be protected. It recommends detecting system vulnerabilities, carrying out intrusion tests and security audits. An application that can be easily cloned and therefore used in cyberattacks could result in a penalty for the company. HOW TO PROTECT MOBILE APPLICATIONS Now more than ever, mobile applications should never be published without prior validation of their security, especially in sectors where the data handled is sensitive. To assist companies, Pradeo offers a toolbox for controlling the confidentiality and security of mobile applications throughout their lifecycle, from development to operations. TAKE STOCK OF CURRENT SECURITY Pradeo's automated mobile application compliance audit tool enables you to: * Obtain a compliance analysis in just a few clicks, integrating data protection laws and customizable criteria. * See immediately whether the application handles personal data * Precise detection of data manipulation by an application and its libraries, specifying whether it is used locally, sent off-device, modified or deleted. This information is completed by the location where the data is stored or sent, if applicable. * Identify libraries with hidden behaviors and vulnerabilities. * Identify risks to be remedied before an application is released. * Justify application security work by showing a compliant audit result. REMEDIATE VULNERABILITIES AND PROTECT AGAINST EXTERNAL ATTACKS Pradeo's complementary AppSec tools enable application security managers to: * Continuously identify and remediate application vulnerabilities right from the development stage * Strengthen application code to prevent theft or cloning * Monitor mobile applications as they are used, to detect and respond to external threats * Detect counterfeit applications attempting to connect to an organization's server while pretending to be legitimate ABOUT THE AUTHOR More from this author ROXANE SUAU RECOMMENDED ARTICLES TWO SPYWARE TIED WITH CHINA FOUND HIDING ON THE GOOGLE PLAY STORE - July 6, 2023 DISCOVERY OF A VULNERABILITY IN ONE OF THE WORLD'S LARGEST OPEN SOURCE CATALOGS - March 3, 2023 POPULAR ARTICLES * SMS OTP Authentication: Not As Safe As You May Think * Two spyware tied with China found hiding on the Google Play Store * New malware detected on Google Play, 100.000+ users affected * Malicious app on Google Play drops banking malware on users’ devices * Spyware dubbed Facestealer infects 100,000+ Google Play users STAY UP TO DATE Email* Notification Frequency RECENT ARTICLES * SpyNote malware now targeting banking applications * Pradeo recognized in 2023 Gartner Peer Insights™ Voice of the Customer for Mobile Threat Defense * Two spyware tied with China found hiding on the Google Play Store * Pradeo launches unmatched benefits for MSSPs with its latest Mobile Threat Defense release * Smartphones and tablets : An open door to ransomwares ARTICLES RÉCENTS SpyNote malware now targeting banking applications - 5 October, 2023 Pradeo recognized in 2023 Gartner Peer Insights™ Voice of the Customer for Mobile Threat Defense - 5 October, 2023 Two spyware tied with China found hiding on the Google Play Store - 5 October, 2023 Pradeo launches unmatched benefits for MSSPs with its latest Mobile Threat Defense release - 5 October, 2023 Smartphones and tablets : An open door to ransomwares - 5 October, 2023 TOPICS * Mobile Security (52) * Mobile Application Security (38) * Cybersecurity (26) * Expertise (26) * Security Alert (21) * Partners (19) * Corporate (12) * Events (4) * News (4) * cyberattack (1) * predictions (1) see all GET IN TOUCH WITH MOBILE SECURITY EXPERTS Contact us European leader in mobile security, Pradeo protects business mobile devices and applications. Read More * Resources * UEM security * Use cases * Data protection * Contact us * Mobile Threat Defense * Mobile Application Security Testing * In-App Protection * Secure Private Store * Mobile Threat Intelligence contact@pradeo.com Copyright @ 2022. All Right Reserved. * * *