Russians have been warned about the "account ripper virus". What you need to know about SpyNote

Central Bank Governor Elvira Nabiullina said that about half of the thefts of money in banking applications occur through the SpyNote application. She urged banks to introduce protection against it. How the spy program works and who it threatens in the first place - in the material "Izvestia".

What Nabiullina told about

- According to Nabiullina, the virus SpyNote began to spread actively in the phones of Russians in the second half of 2024. This is a program with a remote access function that pretends to be a harmless application. With its help, fraudsters can monitor the phone, read passwords and track SMS messages. With the help of this information, they "gut" banking applications, transferring funds to attackers.

- The SpyNote virus was responsible for about 40-50% of the cases of bank account theft via apps. Although some banks have introduced protection against it in their programs, many still have not secured their clients from the malware. Nabiullina said that by the end of March, the Central Bank will require financial organizations to strengthen protection against SpyNote.

What is the danger of SpyNote

- Usually, different viruses of the SpyNote family are downloaded to the device using "smishing" - a type of fraud when a link is sent to the user via SMS or a fake mobile message. Opening this link leads to the download of the malware. Once the app is launched, it asks for one permission, which in turn is responsible for a number of other critical permissions. Sometimes the link to the virus comes after a call from a scammer, who thus "advises" to secure the phone.

- SpyNote tries to hide itself from the user and does not appear in the list of applications. Sometimes its launch is activated by another SMS message. The program is written in such a way that it will thwart all attempts to remove itself by "covering" the phone screen and pretending as if the command has been executed. You can only get rid of it by deleting all data and resetting the settings. SpyNote and similar viruses spread on Android devices.

Missing in the gallery: the first virus stealing data from iPhone photos has been found

He's helping hackers clean out cryptocurrency wallets.

- The virus is dangerous because it transmits a large amount of data to scammers, which is enough for quick theft. In addition to reading passwords and SMS, SpyNote records incoming calls, takes screenshots, and steals online banking credentials. Advanced versions of the virus update themselves and install other malware. In some cases, SpyNote targets crypto wallets rather than banking applications.

What other programs can steal money

- In addition to SpyNote, there are several other programs that have ways to steal from the user. These include modifications of the legitimate NFCGate application, which transmits bank card data via NFC modules. The fake program asks to attach a bank card to the phone and enter a PIN code on a page that the scammers send. From that point, they are able to quickly withdraw money from the card.

- The Mamont virus is usually disguised as a useful application that the user will allow access to SMS and push notifications without any suspicion. Once the program is working, it will allow scammers to steal money through SMS banking. Often, links to Mamont are sent from compromised accounts, with scammers accompanying them with questions like "Is that you in the video?" to make the user curious enough to click on the link.