Smishing Campaign Impersonates Japanese UtilitiesAttackers Targeted Electric and Water Public Utility Users
Hackers are targeting Japanese Android users with a new smishing campaign to employ a new version of SpyNote malware.
Researchers at McAfee said in a Friday post that attackers in June impersonated a power and water infrastructure company to send out SMS alerts about payment problems and lure victims onto a rogue website. They infected targets' devices with remote-controlled SpyNote malware.
The spyware exploits accessibility services and device administrator privileges in Android devices and is capable of stealing device information and sensitive user information such as device location, contacts, incoming and outgoing SMS messages and phone calls.
SpyNote is usually distributed through smishing attacks or phishing websites and deceives users by using legitimate app icons to look real. A previous version of the app targeted financial institutions, including the Bank of Japan in April 2023.
The spyware enables hackers to track user activities, steal personal and financial data and even control their devices remotely. Discovered in 2016, the malware evolved over the years.
In the last quarter of 2022, ThreatFabric observed a significant spike in the samples from the SpyNote malware family.
ThreatFabric researchers also spotted a new version of SpyNote called SpyNote.C targeting banking apps and social networking apps and legitimate services like the U.S. Postal Service and financial institution HSBC.
Research from Capterra found that bogus package delivery scams were the second most common type of SMS phishing scam in 2022, ranking only behind banking schemes.