New Malware Threat: SpyNote, BadBazaar, and MOONSHINE Target Android and iOS Users Through Fake Apps
April 11, 2025
Spyware / Mobile Security
Cybersecurity experts have uncovered a dangerous trend in which threat actors use deceptive websites on newly registered domains to spread SpyNote, a notorious piece of Android malware. These fraudulent sites mimic Google Play Store installation pages for popular apps like the Chrome browser, aiming to trick users into downloading the malware. According to the DomainTools Investigations (DTI) team, the attackers employed a combination of English- and Chinese-language delivery sites and even included Chinese-language comments in the site code and the malware itself.
SpyNote (also known as SpyMax) is a remote access trojan infamous for its capability to collect sensitive information from compromised Android devices by exploiting accessibility services. In May 2024, the malware was distributed via another fake site that posed as a legitimate antivirus program, Avast. Further analysis from mobile security firm Zimperium revealed additional tactics employed by these cybercriminals…