Threat Summary of SpyMax
The Threat Summary of SpyMax:
| Yam | SpyMax Malware |
| ThreatType | Android malware, malicious app, unwanted app. |
| Detection Names | Avast-Mobile (Android:Evo-gen [Trj]), DrWeb (Android.Hidden.1.origin), ESET-NOD32 (An Android Variant/Spy.SpyMax.E), Kaspersky (HEUR:Trojan-Spy.AndroidOS . SpyNote.e), Full List ( VirusTotal ) |
| Related Domains | pataraha[.]com (fake pharmacy website). |
| Detection Names (pataraha[.]com) | Dr.Web (Malicious), G-Data (Malware), Fortinet (Malware), Kaspersky (Malware), Full List ( VirusTotal ). |
| Symptoms | The device runs slower, system settings are modified without users’ permission, dubious apps appear, data and battery usage increase significantly, browsers redirect to unauthorized web pages, and intrusive advertisements are displayed. |
| Distribution Methods | Infected email attachments, malicious online advertisements, social engineering, deceptive applications, and fraudulent websites. |
| Damage | Stolen personal information (private messages, logins/passwords, etc.), decreased device performance, battery drains quickly, decreased internet speed, significant data loss, monetary loss, and stolen identity (malicious apps may abuse communication applications). |
| Malware Removal (Android) | To remove malware infections, our security researchers recommend scanning your Android device with reputable anti-malware software. We recommend Avast, Bitdefender, ESET, or Malwarebytes. |
Malware has varied capabilities, allowing for a wide variety of misuses. In addition to spyware, Android OS devices are also targeted by banking malware. Anubis, Eventbot, and Cerberus are just a few examples of this malware. Regardless of how the malicious content operates, the purpose is the same: to generate revenue for the developers/cyber criminals who use it.
Malware infections can compromise device integrity and affect system health, leading to serious privacy issues, financial loss, and identity theft.
How did SpyMax infiltrate my device?
SpyMax spyware has been observed to proliferate via a fake pharmacy website under the guise of an app called “COVIDTZ”.
This is a common distribution technique, whereby malware is disguised as a legitimate and popular piece of software or is presented as a normal and useful product on a deceptive web page. However, other untrustworthy download sources can also deliver malicious content using such disguises.
For example, free file hosting sites (freeware), Peer-to-Peer sharing networks, and other third-party downloaders. Other modes of malware proliferation include illegal activation (“cracking”) tools, fake updates, and spam campaigns. Instead of activating licensed products, “cracking” tools can download/install malicious software.
Fake updaters infect systems by exploiting flaws in outdated products and/or installing malware instead of the promised updates. The term “spam campaign” defines a large-scale operation during which thousands of fraudulent emails are sent. The content of these messages often tricks people into opening infectious attachments and/or downloading malware links.
Therefore, emails are usually presented as “official”, “urgent”, “important” or “priority” email. Infectious files can be in various formats (for example, archive and executable files, Microsoft Office and PDF documents, JavaScript, etc.). When these files are opened, the infection process (ie download/installation of malware) is started.
How to prevent the installation of malware
Caution is strongly recommended when browsing. Only download content from official/verified channels. It is also important to activate and update products with tools/functions provided by genuine developers. Illegal activation tools (“cracks”) and third-party updates should not be used as they are often used to distribute malware.
Suspicious and/or irrelevant emails, especially those with attachments or links, should not be opened, as this may result in a high-risk infection. To ensure device and user safety, it is highly recommended to have reputable anti-virus/anti-spyware software installed. Furthermore, it should be kept up to date, used to run regular system scans, and remove detected threats/issues.
