OTX Bot<p>Newly Registered Domains Distributing SpyNote Malware</p><p>Cybercriminals are employing deceptive websites on newly registered domains to distribute AndroidOS SpyNote malware. These sites imitate the Google Chrome install page on the Google Play Store, tricking users into downloading SpyNote, a powerful Android remote access trojan. SpyNote is used for surveillance, data exfiltration, and remote control of infected devices. The investigation uncovered multiple domains, IP addresses, and APK files associated with this campaign. The malware utilizes various C2 endpoints for communication and data exfiltration, with functions designed to retrieve and manipulate device information, contacts, SMS, and applications.</p><p>Pulse ID: 67feb504b76dd387be73309b<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67feb504b76dd387be73309b" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67feb</span><span class="invisible">504b76dd387be73309b</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-15 19:35:32</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/APK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APK</span></a> <a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://social.raytec.co/tags/Chrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chrome</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/DoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DoS</span></a> <a href="https://social.raytec.co/tags/Endpoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Endpoint</span></a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://social.raytec.co/tags/GooglePlay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GooglePlay</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RemoteAccessTrojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemoteAccessTrojan</span></a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMS</span></a> <a href="https://social.raytec.co/tags/SpyNote" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpyNote</span></a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trojan</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
281active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#endpoint
0 posts · 0 participants · 0 posts today
SpaceLifeForm<p><span class="h-card" translate="no"><a href="https://epistolary.org/@vees" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vees</span></a></span> </p><p>This is true. But there is an advantage to being the King MITM instead of others that are already a MITM.</p><p><a href="https://infosec.exchange/tags/EndPoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EndPoint</span></a></p>
Teri Radichel<p>VPC with a <a href="https://infosec.exchange/tags/NAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NAT</span></a> and a <a href="https://infosec.exchange/tags/VPC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPC</span></a> <a href="https://infosec.exchange/tags/Endpoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Endpoint</span></a> Deployed With <a href="https://infosec.exchange/tags/CloudFormation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudFormation</span></a><br>~~<br>ACM.276 Allow a <a href="https://infosec.exchange/tags/Lambda" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lambda</span></a> function in a private network to access <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> via a NAT and <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS</span></a> <a href="https://infosec.exchange/tags/CodeCommit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CodeCommit</span></a> via a VPC <a href="https://infosec.exchange/tags/Endpoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Endpoint</span></a> <br>~~<br>by Teri Radichel | July 31, 2023<br><a href="https://infosec.exchange/tags/Network" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Network</span></a> <a href="https://infosec.exchange/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloud</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p><p><a href="https://medium.com/cloud-security/vpc-and-nat-and-a-vpcendpoint-deployed-with-cloudformation-229870a3d008" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/cloud-security/vpc-</span><span class="invisible">and-nat-and-a-vpcendpoint-deployed-with-cloudformation-229870a3d008</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload