"The SpyNote RAT registers a service called AutoStartup and a broadcast receiver named BootComplete. MainActivity registers BootComplete with a boot event, so that whenever the device is booted, BootComplete gets triggered. BootComplete starts the AutoStartup service and the AutoStartup service makes sure that MainActivity is always running."

With that level of access guaranteed, the malware can get to work executing any of its main functions. For instance, it can leverage command execution to root the device using known vulnerabilities or zero-days, capture screenshots and audio recordings, and intercept SMS messages. It can even steal contacts so that it can infect other Android users.
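
For triage, the boot-persistence pattern quoted above can be checked statically. The following is an added example, not code from the original article or from the researchers it quotes. It assumes the manifest has already been decoded to text XML and that the boot receiver is declared in the manifest; the package name is a placeholder and the sample manifest is constructed from the component names in the quote.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"

# Constructed sample: decoded manifest using the component names from the quote.
# The package name is a placeholder, not a real indicator.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".AutoStartup"/>
    <receiver android:name=".BootComplete">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def _name(element):
    """Return the android:name attribute of a manifest element."""
    return element.get(ANDROID_NS + "name", "")


def boot_persistence_findings(manifest_xml):
    """Report boot-time persistence indicators in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    permissions = {_name(p) for p in root.iter("uses-permission")}
    # Receivers whose intent filter subscribes to the boot-completed broadcast.
    boot_receivers = [
        _name(r) for r in root.iter("receiver")
        if any(_name(a) == BOOT_ACTION for a in r.iter("action"))
    ]
    services = [_name(s) for s in root.iter("service")]
    return {
        "has_boot_permission": BOOT_PERMISSION in permissions,
        "boot_receivers": boot_receivers,
        "services": services,
        # Boot receiver + permission + a service matches the quoted pattern.
        # Benign apps use it too, so this is triage input, not a verdict.
        "boot_persistence": bool(boot_receivers and services)
        and BOOT_PERMISSION in permissions,
    }


if __name__ == "__main__":
    print(boot_persistence_findings(SAMPLE_MANIFEST))
```

A hit is most useful when correlated with the other capabilities listed above, such as SMS, audio recording and contacts permissions in the same manifest.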

"The days when one needed in-depth coding knowledge to develop malware are long gone. Nowadays, script kiddies can build a piece of malware that can create real havoc. Moreover, there are many toolkits like the SpyNote Trojan builder that enable users to build malware with ease and few clicks."

Given the prevalence of SpyNote and others like it, Android users should install applications only from the Google Play Store. They should also avoid installing any mobile app that's not yet officially available for Android, as unofficial copies could be malicious in nature.