Summary: Cybersecurity researchers have discovered deceptive websites impersonating legitimate app stores to distribute SpyNote malware, which targets Android devices. This malware is linked to known threat actors, including state-sponsored groups, and is capable of extensive data theft and control over infected devices. Additionally, intelligence agencies have issued alerts regarding other malware threats like BadBazaar and MOONSHINE, which target specific communities for surveillance.
Affected: Android devices, NGOs, journalists, and targeted communities
Key points:
- Threat actors are using newly registered domains to host fake Google Play Store pages for distributing SpyNote malware.
- SpyNote can harvest sensitive data and has been adopted by state-sponsored actors.
- Joint advisory warns of BadBazaar and MOONSHINE targeting Uyghur, Taiwanese, and Tibetan communities.
Source: https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html