Unmasking Spyware Based on SpyMax Targeting Chinese Citizens

Spyware Based on SpyMax

The detected and analyzed APK named “检察院” (Chinese Prosecutor’s Office) is a highly dangerous mobile threat identified as an advanced variant of the SpyMax/SpyNote family. The malware is a comprehensive spyware package that impersonates the Supreme People’s Procuratorate of the People’s Republic of China and targets Chinese-speaking users.

The threat actor aims to gain complete control over Android Accessibility Services using innovative social engineering techniques and HTML-based deception mechanisms. Once granted, this authorization gives nearly unlimited access to the device, enabling data theft, surveillance, and remote control.
The malware can communicate with a known command and control (C2) server, block SMS messages, track location information, control the camera, and execute system commands. Together, these capabilities make it a significant threat to corporate users, individuals with access to government officials’ information, and Chinese-speaking users in general.

One of the most important features that distinguish this threat from others is the sophisticated social engineering tactic targeting Android Accessibility Services, which gives the malware almost unlimited permissions on the device. The malware also has versatile capabilities, including communication with command and control servers, camera and microphone control, SMS and call log monitoring, location tracking, and data theft.
