{"id":211223,"date":"2025-04-12T05:17:20","date_gmt":"2025-04-12T10:17:20","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/04\/spynote-badbazaar-moonshine-malware-target-android-and-ios-users-via-fake-apps"},"modified":"2025-04-12T05:17:20","modified_gmt":"2025-04-12T10:17:20","slug":"spynote-badbazaar-moonshine-malware-target-android-and-ios-users-via-fake-apps","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/04\/spynote-badbazaar-moonshine-malware-target-android-and-ios-users-via-fake-apps","title":{"rendered":"SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps"},"content":{"rendered":"<p style=\"padding-right: 20px\"><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/spynote-badbazaar-moonshine-malware-target-android-and-ios-users-via-fake-apps2.jpg\"><\/a><\/p>\n<p>The clone websites identified by DTI include a carousel of images that, when clicked, download a malicious APK file onto the user\u2019s device. The package file acts as a dropper to install a second embedded APK payload via the <a href=\"https:\/\/developer.android.com\/reference\/android\/content\/DialogInterface.OnClickListener\" rel=\"noopener\" target=\"_blank\">DialogInterface. OnClickListener interface<\/a> that allows for the execution of the SpyNote malware when an item in a dialog box is clicked.<\/p>\n<p>\u201cUpon installation, it aggressively requests numerous intrusive permissions, gaining extensive control over the compromised device,\u201d DTI said.<\/p>\n<p>\u201cThis control allows for the theft of sensitive data such as SMS messages, contacts, call logs, location information, and files. SpyNote also boasts significant remote access capabilities, including camera and microphone activation, call manipulation, and arbitrary command execution.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The clone websites identified by DTI include a carousel of images that, when clicked, download a malicious APK file onto the user\u2019s device. The package file acts as a dropper to install a second embedded APK payload via the DialogInterface. OnClickListener interface that allows for the execution of the SpyNote malware when an item in [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1512],"tags":[],"class_list":["post-211223","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-mobile-phones"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/211223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=211223"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/211223\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=211223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=211223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=211223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}