The trojan is not yet in circulation, but researchers have found copies distributed on the Dark Web. The malware gives an attacker complete control of the device over a TCP connection.
It has not yet appeared on the Internet, but the code can already be found on Dark Web forums. This is SpyNote, a RAT (Remote Access Tool) for Android devices identified by researchers at Palo Alto Networks by monitoring the seedier corners of the Internet.
At first glance, SpyNote looks more like a spying tool designed for targeted attacks than a classic piece of malware. The trojan does not require root access, but the user must grant the app numerous permissions upon installation, including those to modify messages and access the SD card. Furthermore, its code is not obfuscated in any way.
In short: the impression is that it is a tool designed to be installed manually or through malware that has already compromised the device.
Once installed, SpyNote makes itself invisible by hiding its icon and opens TCP port 2222, through which it communicates with a command-and-control server.
SpyNote allows remote control of any smartphone function.
From this point on, the attacker has complete control of the device. The attacker can check the call log, change any settings, intercept and record phone calls made with the device, copy stored files, use the camera and microphone at will, access GPS information and even make phone calls.
Everything is managed by an absolutely “user friendly” control system that allows access to all functions via a graphical interface, as seen in a video that appeared on YouTube showing the RAT in operation.
At the moment there is no news of any malware distribution campaigns, but according to researchers at Palo Alto Networks, it is only a matter of time. The toolkit for creating “customized” versions of SpyNote is freely available on the Internet and therefore anyone can use it.
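For defenders, the TCP port 2222 detail above is a usable hunting pivot. The following is an added example, not code from the article or from Palo Alto Networks: it groups TCP flows on port 2222 that involve a managed-device subnet. The log format, the 10.20.0.0/16 subnet, the sample records and all function names are assumptions made for illustration, and because the article does not say which side opens the connection, both directions are matched.

```python
import ipaddress
from collections import defaultdict

SUSPECT_PORT = 2222  # port the article reports for SpyNote's C2 channel

# Constructed sample flow records: time proto src:port dst:port bytes
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 tcp 10.20.0.15:48112 203.0.113.7:2222 1840
2024-01-01T10:00:05 tcp 10.20.0.15:48113 198.51.100.9:443 5200
2024-01-01T10:05:01 tcp 10.20.0.15:48120 203.0.113.7:2222 96344
2024-01-01T10:06:30 udp 10.20.0.22:2222 203.0.113.7:53 120
2024-01-01T10:07:00 tcp 203.0.113.50:51000 10.20.0.31:2222 400
2024-01-01T10:08:00 tcp 10.99.0.4:40000 203.0.113.7:2222 300
garbage line that should be skipped
""".splitlines()


def split_endpoint(text):
    """Split 'ip:port' into (ip_address, int port); ValueError if invalid."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def find_suspect_flows(lines, device_net, port=SUSPECT_PORT):
    """Return {(device_ip, peer_ip, direction): {"flows": n, "bytes": b}}.

    'outbound' = device connects to peer:port; 'inbound' = peer connects
    to device:port. Hosts outside device_net are ignored.
    """
    net = ipaddress.ip_network(device_net)
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for line in lines:
        try:
            _ts, proto, src, dst, nbytes = line.split()
            (sip, _sport), (dip, dport) = split_endpoint(src), split_endpoint(dst)
            nbytes = int(nbytes)
        except ValueError:
            continue  # malformed record: wrong field count or bad address
        if proto.lower() != "tcp" or dport != port:
            continue
        if sip in net:
            key = (str(sip), str(dip), "outbound")
        elif dip in net:
            key = (str(dip), str(sip), "inbound")
        else:
            continue
        hits[key]["flows"] += 1
        hits[key]["bytes"] += nbytes
    return dict(hits)
```

Port 2222 is also a common alternate port for legitimate services such as SSH, so a hit is a lead to correlate with the device's installed apps rather than a verdict.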