This app that can't be deleted could be silently recording your calls and taking screenshots
Cybercriminals are forever finding ways to get into your phone. The latest example is the SpyNote malware, which aims to keep tabs on you and steal sensitive information.
As detailed by cyber security company F-Secure, SpyNote is spyware and is spread through smishing, or fake mobile messages. The text messages trick victims into downloading the app.
Although SpyNote doesn't ask for a lot of permissions, the ones it does request are similar to the permissions that spyware asks for. When it's first launched, it asks for the BIND_ACCESSIBILITY_SERVICE permission, and when that's granted, the malware self-approves several additional vital permissions.
The app also tries to hide itself and can't be found in the app launcher. It doesn't even show up on the Recents screen. It relies on external triggers such as an SMS to be launched.
SpyNote runs two "diehard" services. Diehard services can't be shut down easily, neither by the Android system nor by the victim. Whenever an attempt is made to kill the malicious services, they are started back up.
The main purpose of SpyNote is to steal as much data from the victim's phone as possible and send it back to the attacker's computer.
SpyNote collects a dangerous amount of information on users. It can record incoming phone calls and send them to its developers. It is also capable of taking screenshots and sending them to the Command and Control center.
It can even record what you type on your phone, meaning it can steal your credentials and screen unlock password.
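The two traits described above, an enabled accessibility service and no launcher icon, can be checked together from a computer with adb access to the phone. The following is an added example, not code from F-Secure or from the original article; the package names and sample outputs are constructed, and the exact layout of the launcher query output is an assumption.

```python
import re

# Constructed sample outputs (not captured from a real device).
# adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.example.screenreader/.ReaderService:"
               "com.example.updater/com.example.updater.CoreService")
# adb shell pm list packages -3   (user-installed packages only)
SAMPLE_THIRD_PARTY = ("package:com.example.updater\n"
                      "package:com.example.screenreader\n"
                      "package:org.example.notes\n")
# adb shell cmd package query-activities --brief \
#     -a android.intent.action.MAIN -c android.intent.category.LAUNCHER
SAMPLE_LAUNCHER = """\
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
org.example.notes/.MainActivity
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
com.example.screenreader/.SettingsActivity
"""

# A line that is only "package/ActivityClass"; the priority= lines do not match.
COMPONENT = re.compile(r"^\s*([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+\s*$")

def a11y_packages(setting_value):
    """Packages that own an enabled accessibility service ('null' means none)."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if "/" in c}

def third_party_packages(pm_output):
    """Package names from 'package:<name>' lines."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def launcher_packages(query_output):
    """Packages that expose at least one launcher activity."""
    return {m.group(1) for line in query_output.splitlines()
            if (m := COMPONENT.match(line))}

def hidden_a11y_apps(setting_value, pm_output, query_output):
    """User-installed apps with an accessibility service but no launcher icon."""
    suspects = a11y_packages(setting_value) & third_party_packages(pm_output)
    return sorted(suspects - launcher_packages(query_output))

if __name__ == "__main__":
    for pkg in hidden_a11y_apps(SAMPLE_A11Y, SAMPLE_THIRD_PARTY, SAMPLE_LAUNCHER):
        print("review:", pkg)
```

A package flagged here is a candidate for review, not a confirmed SpyNote infection, since some legitimate apps also ship without a launcher icon.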
There's only one way to get rid of SpyNote
Unlike most other nefarious apps, getting rid of SpyNote is not as straightforward as deleting it. Since it's a hidden app, it can't be located and deleted. Deleting it through the Settings app is not possible either, as the app closes the menu screen whenever the user navigates to the app via Settings.
And since it runs diehard services, the victim cannot stop them by going to the developer options either.
The only way someone can get rid of SpyNote is by factory resetting their device and having all their data erased from the phone.
Fake earthquake alert app
According to folks at D3Lab, some bad actors are trying to get Android users to install malware from the SpyNote family by duping them into downloading a fake IT-Alert app. IT-Alert is a public alert system used in Italy to provide information to the public and broadcast alert messages regarding emergencies or disasters.
Threat actors have created a domain of the same name which warns people that an earthquake is expected and asks them to download an app to stay updated on what the situation is like in their area.