SpyNote

Also known as: CypherRat

According to Cleafy, SpyNote abuses Accessibility services and other Android permissions in order to: Collect SMS messages and contacts list; Record audio and screen; Perform keylogging activities; Bypass 2FA; Track GPS locations.

Linked Threat Actors

OilRig

C2 Infrastructure

Hosting/VPS 100%

Last 7 days

May 29, 2026    C2 Hosts: 1
May 28, 2026    C2 Hosts: 1
May 27, 2026    C2 Hosts: 1
May 26, 2026    C2 Hosts: 1
May 23, 2026    C2 Hosts: 1

Further Reading

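Analysis of attack activity by suspected APT-C-56 (Transparent Tribe) targeting terrorism

360 Beacon Lab discovered a batch of malicious samples, suspected to be from APT-C-56 (Transparent Tribe), used in attacks targeting terrorism. Tracing and correlation analysis shows that the attack activity began no later than June 2018 and remains active today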

mp.weixin.qq.com
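Kasablanka group's attack operations targeting political groups and non-profit organizations in the Middle East

Recently, during routine intelligence hunting, the 360 Advanced Threat Research Institute discovered and captured attack activity by the Kasablanka group targeting both the Windows and Android platforms. Analysis suggests that the group is not simply after financial gain; its motives appear to lean more toward information gathering and espionage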

mp.weixin.qq.com
PROSPERO & Proton66: Uncovering the links between bulletproof networks

Key findings   This report presents: The Russian autonomous system PROSPERO (AS200593) could be linked […]

intrinsec.com
SpyNote: Spyware with RAT capabilities targeting Financial Institutions

SpyNote, also known as SpyMax and CypherRat, is a unique and effective Spyware which developed unique interest in banking users

threatfabric.com
Storm Cloud Unleashed: Tibetan Focus of Highly Targeted Fake Flash Campaign

Beginning in May 2019, Volexity started tracking a new series of strategic web compromises that have been used in highly targeted attacks against Tibetan individuals and organizations by a Chinese […]

volexity.com