Android trojan spotted in the wild can record audio and phone calls

A banking trojan named SpyNote is once again 'smishing' its way into your financial information. Here's your best defense.
Written by Jack Wallen, Contributing Writer
Witthaya Prasongsin/Getty Images

No mobile device is 100% safe from malicious attacks. With third-party apps, various phishing campaigns, and malicious links waiting to be tapped, the only way to remain safe is to always be on the alert for what new types of attacks have been discovered.

A banking trojan named SpyNote has returned from its 2022 grave to once again "smish" its way into grabbing your financial information. Although Google has already taken action to implement protection against the threat, the trojan's re-discovery in the wild serves as a good reminder to every mobile user to be careful about how you use those phones.

Also: 9 top mobile security threats and how you can avoid them

Why is SpyNote not like other threats?

The difficulty in dealing with such a threat is that SpyNote isn't found tucked away inside another app. In that sense, it's not a traditional Trojan. Instead, what SpyNote does is use SMS phishing (aka, "smishing") to send malicious SMS messages to users. Those messages direct users to download an .apk file from outside of the Google Play Store, which then infects the device.

Once infected, SpyNote tricks users into giving heightened permissions, and then it tucks itself away from being seen. Armed with those permissions, SpyNote can record audio (including phone calls), record video, log every tap you make on your device, steal usernames and passwords, and track your location.

Essentially, you've given SpyNote the keys to your kingdom and it will record your information (such as bank account credentials) and send them off for a threat actor to use against you.

F-Secure's  Amit Tambe, who penned an in-depth analysis of SpyNote, had this to say about what makes the trojan so tricky:

"The SpyNote sample is spyware that logs and steals a variety of information, including keystrokes, call logs, information on installed applications and so on. It stays hidden on the victim's device making it challenging to notice. It also makes uninstallation extremely tricky. The only option that the victim is left with is performing a factory reset to remove the malware."

What can you do?

Your best defense against SpyNote is to not tap on any link sent in an SMS message unless you know (and trust) the sender. Even then, use caution and check the links before even thinking of tapping. At the same time, do not install apps from outside the Google Play Store and, if something randomly asks for escalated permissions, be wary of allowing it. 

If you're not careful, the worst-case scenario is that someone will have your sensitive information and will use it. The best-case scenario is that you have to do a factory reset to rid your phone of this malicious application.

Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online

I live by a simple rule with regard to SMS messages: If you're not in my contacts, I will not read your messages. I take this one step further and block/report any SMS message I receive that is not from someone in my contact list. Yes, there are exceptions, such as when I'm expecting a particular SMS message -- but even then I am overly cautious about what I'll read.

Smishing might be a funny name but it should be taken very seriously.

Editorial standards