Attackers used localized SpyNote X Links sent via SMS pretending to be Deutsche Post. Victims clicked the link, installed the "tracking app," and granted permissions. Over 1,200 users lost an average of €3,400 each via real-time overlay attacks on their banking apps.
Executives at a logistics firm received WhatsApp messages from a "potential client" containing a SpyNote X Link. Once installed, the trojan exfiltrated Microsoft Authenticator codes and Slack conversations, leading to a $2 million BEC (Business Email Compromise) scheme. spynote x link
Employs "diehard services" that automatically restart the app if closed and prevent uninstallation via accessibility service abuse. Key Technical Capabilities Attackers used localized SpyNote X Links sent via