Android Spyware SpyNote Targets European Bank Customers in an Aggressive Campaign
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
SpyNote, an Android banking trojan, has joined the ongoing threat campaign against financial institutions. Active since the end of 2022, the trojan has also been observed carrying out bank fraud.
Cleafy’s security researchers revealed that the spyware, also dubbed SpyMax, exploits various Accessibility services and Android permissions to carry out malicious attacks against its victims.
The trojan, known for its spyware and phishing capabilities, is distributed through fake SMS messages (smishing), and a combination of its remote access trojan (RAT) capabilities and phishing tactics is used to execute multiple fraudulent activities.
This campaign against multiple European bank customers was observed to be most prevalent around June and July 2023.
The Italian cybersecurity company noted in an advisory that the infection chain primarily begins with a bogus SMS message urging victims to click the accompanying URL to install the certified banking app. A second message redirects the victims to a seemingly legitimate TeamViewer QuickSupport app, which is used to remotely access the victim’s device.
Once installed, the trojan tracks various user activities and harvests sensitive information from the target’s device, including keystrokes, installed applications, text inputs, GPS location, audio and screen recordings, contacts, and SMS messages used to bypass two-factor authentication (2FA). With this information, the attacker can easily steal banking and other financial credentials from the infected device.
Moreover, to avoid detection, the spyware uses various techniques such as anti-emulator controls, obfuscation and junk code. It also hides itself so that the user is unable to manually remove it from the device.
The advisory also noted that, unlike other banking trojan campaigns, the SpyNote campaign is one of the most aggressive observed in recent years. Moreover, its multiple functionalities will make it one of the vectors of choice for threat actors launching bank fraud activities.
With phishing and smishing campaigns on the rise, it is imperative that both individuals and organizations remain vigilant and employ different security measures to thwart such fraud attempts.
Data Breach: US Retailer Hot Topic Discloses Multiple Cyberattacks
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Retail chain Hot Topic notified its customers that it was the victim of a series of credential-stuffing attacks. The wave of attacks, which took place between February 7 and June 21, 2023, resulted in the exposure of sensitive customer information.
Established in 1988, Hot Topic is an American retailer specializing in licensed music and counterculture-related apparel and accessories. With around 10,000 employees, the company operates both brick-and-mortar (600+ across the US) and online stores.
On August 1, the company notified its customers about the data breach incident, in which stolen account credentials were used to access its Rewards platform. The automated attack against both the website and mobile application was launched several times earlier this year.
“Following a careful investigation, we determined that unauthorized parties launched automated attacks against our website and mobile application on February 7, March 11, May 19-21, May 27-28, and June 18-21, 2023, using valid account credentials (e.g., email addresses and passwords),” the notification read.
The attack allowed the unknown hackers to potentially steal personal information of customers including their name, order history, phone number, email address, month and date of birth, and mailing address. The company also revealed that the last 4 digits of the card saved to the compromised account may have been accessed by the unauthorized parties as well.
Following the investigation into the incident, the retailer clarified that it was not the source of the utilized account credentials.
Hot Topic also stated that on discovering the incident, it had launched several containment measures, including working with third-party cybersecurity experts. Various security measures were also deployed to safeguard the website and mobile application from automated “credential-stuffing” attacks.
Moreover, Hot Topic disclosed that it was unable to differentiate between unauthorized and legitimate logins, so it was notifying all Rewards customers about the incident by email. To avoid phishing attacks, customers were also advised to change their password and choose a strong and unique one for their Rewards account.