Researchers at cybersecurity firm D3Lab have identified and publicly reported a new malicious app used to spy on Android smartphones. According to the report, the malware was hidden on a fake platform impersonating IT Alert, the public alert service of the Italian Civil Protection Department.
The fake app stole login data, such as email addresses and passwords, and credentials used to access banking applications. This spyware is specifically designed to target Italian users. It pretends to be a government service that warns area residents in the event of natural disasters.
To attract victims, the cybercriminals created a fake website warning of a “national earthquake” that could occur in the coming days, creating a sense of urgency to download the malicious app. The infected file is not served when the site is accessed from a computer or iPhone; in that case the victim is directed to the official website.
When installed on Android, the fake IT Alert app delivers the SpyNote malware, which requests access to sensitive phone permissions, including accessibility. According to D3Lab’s investigation, the malware can capture images and videos and send them to servers managed by the attacker. It can also record calls, log keyboard input, and more.
[Image: interface of the fake app]
SpyNote is malware that has been around for a few years, but the version recently identified in Italy is SpyNote.C, which corresponds to the third generation of the malware. The guidance for Android phone owners is to uninstall any IT Alert app downloaded outside the system’s official store, the Play Store, and scan the device with an antivirus of their choice.
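As an added example (not from D3Lab's report), the following Python sketch supports the check described above: it parses the output of `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services` and flags packages that hold an enabled accessibility service but were not installed by the Play Store. The package name `com.example.italert` and all sample output are constructed for illustration; the real package name is not given here.

```python
# Added example: flag sideloaded Android packages with an enabled
# accessibility service. All sample data below is constructed.
PLAY_STORE = "com.android.vending"

def parse_installers(pm_output):
    """Parse `pm list packages -i` lines into {package: installer}."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition(" ")
        # Sideloaded and preinstalled packages usually report installer=null.
        installers[name] = rest.partition("installer=")[2].strip() or "null"
    return installers

def parse_accessibility(setting_value):
    """Parse the colon-separated `pkg/service` list into package names."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def flag_suspects(pm_output, setting_value, system_packages=frozenset()):
    """Return (package, installer) pairs that deserve a manual review.

    system_packages: names from `pm list packages -s`, skipped because
    preinstalled apps also lack a Play Store installer record.
    """
    installers = parse_installers(pm_output)
    suspects = []
    for pkg in sorted(parse_accessibility(setting_value)):
        if pkg in system_packages:
            continue
        installer = installers.get(pkg, "unknown")
        if installer != PLAY_STORE:
            suspects.append((pkg, installer))
    return suspects

# Constructed sample output (hypothetical package names).
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.italert  installer=null
package:com.example.notes  installer=com.android.vending
"""
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.italert/com.example.italert.AlertService")

if __name__ == "__main__":
    for pkg, installer in flag_suspects(SAMPLE_PM, SAMPLE_A11Y):
        print(f"review: {pkg} (installer={installer}) has accessibility enabled")
```

A flagged package is a candidate for review, not a verdict: legitimate apps installed from other stores or by device management will also appear.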
[Image: the fake website]