Beware! Android Spyware ‘SpyMax’ Gains Total Control of Your Android Phone


Apr 18, 2025 - 13:27

A sophisticated Android spyware campaign has been uncovered, disguising itself as the official application of the Chinese Prosecutor’s Office (检察院).

This advanced variant of the SpyMax/SpyNote family targets Chinese-speaking users across mainland China and Hong Kong, exploiting Android Accessibility Services through polished social engineering techniques and deceptive UI elements to gain near-total control of victims’ devices.

Once the requested permissions are granted, the malware has an alarming level of access to personal data and device functions. It can read messages and call logs, track GPS location, operate the camera, and record from the microphone, and it keeps doing so silently in the background when the device’s screen is off.

The modular design includes separate components for command execution, camera and microphone control, and data exfiltration over HTTPS to the operators.

ThreatMon researchers identified this threat in early April 2025, noting its particularly sophisticated approach to social engineering.

The malware was detected on April 4, with distribution primarily occurring through third-party app stores, where it masquerades as legitimate government software under the app name “检察院” (Prosecutor’s Office).

The impact of this campaign extends beyond simple data theft. Victims may experience unauthorized financial transactions, premium SMS fraud, and complete surveillance of their digital and physical activities.

Technical analysis reveals that the malware stores stolen data in categorized files, encrypts them, transmits them to its command-and-control (C2) server at 165.154.110.64, and then wipes the local copies to remove traces.

The sophistication of this threat shows in its ability to change behaviour according to system state, including whether the screen is on, the battery level, and network conditions, which makes its activity particularly difficult for an average user to notice.

Infection Mechanism: Deceptive User Interface

The most insidious aspect of this malware lies in its infection mechanism. The attackers have designed a fully interactive HTML interface, rendered inside the app, that closely mimics Android’s accessibility settings page.

This fake interface includes animated toggles and official-looking layouts crafted to convince users to grant critical permissions without raising suspicion.

The replica is built with ordinary web techniques (HTML, CSS and JavaScript) rather than anything exotic; its effectiveness comes from how faithfully it copies the system screens. When users interact with it, the app requests its dangerous permissions while the page shows reassuring, legitimate-looking confirmation messages. One caveat for anyone triaging such samples: Android does not let an app enable its own accessibility service programmatically. The service has to be switched on by the user in the system Settings screen (or via adb), so the fake page’s practical role is to get the user to approve the genuine toggle without reading its warning.

This creates a seamless illusion that everything is functioning normally while the malware establishes its foothold.

// Sample code demonstrating the permission-hijacking technique.
// Illustrative reconstruction, not the sample's own script; the bridge object
// name "AndroidBridge" is a hypothetical placeholder for whatever the APK
// exposes to its WebView via addJavascriptInterface().
function requestAccessibilityPermission() {
  // Hand off to native code, which starts the real permission flow
  // (system permission dialogs, or the Settings screen for accessibility).
  if (window.AndroidBridge && typeof window.AndroidBridge.requestAccessibility === 'function') {
    window.AndroidBridge.requestAccessibility();
  }
}

document.getElementById('accessibility-toggle').addEventListener('click', function () {
  // Trigger the real request while the page keeps looking like Settings
  requestAccessibilityPermission();
  // Hide the genuine warning text that might alert the user
  document.querySelector('.warning-message').style.display = 'none';
  // Show a fake confirmation instead
  document.querySelector('.fake-confirmation').style.display = 'block';
});

This approach lets SpyMax sidestep the natural suspicion users feel when an app asks for sensitive permissions, significantly increasing the rate at which the request is approved.

Once the accessibility service is enabled, the malware can read screen content, drive other applications autonomously, and intercept user input, which in practice gives the attackers complete remote control of the compromised device.
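The two host-side artefacts this report gives a responder are an enabled accessibility service belonging to an unexpected package and a live session to the C2 address named above. The following shell script, added here as an example and not taken from the article or from ThreatMon’s analysis, checks both from adb output. It assumes adb access to the device; the allowlist of expected accessibility packages, the package name com.example.jcy and the sample command outputs are constructed for the example and are not indicators from the report.

```shell
#!/bin/sh
# Added triage example (not from the article or ThreatMon's analysis).
# Checks for an unexpected enabled accessibility service and for a live
# connection to the C2 address 165.154.110.64 named in the report. The adb
# outputs below are CONSTRUCTED samples in the shape of the real commands'
# output so the script runs offline; "com.example.jcy" is a hypothetical
# placeholder package, not a real indicator.

C2_IP="165.154.110.64"

# Assumed allowlist: packages whose accessibility services belong on this device.
ALLOWED_A11Y="com.google.android.marvin.talkback com.android.settings"

# Input: the value of `adb shell settings get secure enabled_accessibility_services`,
# a colon-separated list of "package/ServiceClass" entries ("null" when none).
# Prints one line per enabled service whose package is not on the allowlist.
flag_unexpected_a11y() {
  [ "$1" = "null" ] && return 0
  for entry in $(printf '%s' "$1" | tr ':' ' '); do
    pkg=${entry%%/*}
    case " $ALLOWED_A11Y " in
      *" $pkg "*) ;;   # expected service, ignore
      *) printf 'UNEXPECTED accessibility service: %s\n' "$entry" ;;
    esac
  done
}

# Input: output of `adb shell netstat -tn` (toybox netstat).
# Prints every line whose foreign address (5th column) is the C2 IP.
find_c2_connections() {
  printf '%s\n' "$1" | awk -v c2="$C2_IP:" 'index($5, c2) == 1 { print }'
}

# Combined verdict: prints INFECTED plus the evidence, or CLEAN.
# Always returns 0 so it is safe to call from `set -e` scripts.
triage() {
  a11y=$(flag_unexpected_a11y "$1")
  c2=$(find_c2_connections "$2")
  if [ -n "$a11y" ] || [ -n "$c2" ]; then
    printf 'INFECTED\n%s\n%s\n' "$a11y" "$c2" | sed '/^$/d'
  else
    echo CLEAN
  fi
}

# Constructed sample: TalkBack plus the lookalike "Prosecutor's Office" app's service.
SAMPLE_A11Y='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.jcy/com.example.jcy.svc.A11yService'

# Constructed sample in `netstat -tn` layout; the last line is the C2 session.
SAMPLE_NET='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:50220          142.250.74.46:443       ESTABLISHED
tcp        0      0 10.0.0.5:44112          165.154.110.64:443      ESTABLISHED'

triage "$SAMPLE_A11Y" "$SAMPLE_NET"
```

On a real device replace the two samples with `$(adb shell settings get secure enabled_accessibility_services)` and `$(adb shell netstat -tn)`; an unexpected service is the stronger signal, since the C2 check only fires while a session is open.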


The post Beware! Android Spyware ‘SpyMax’ Gains Total Control of Your Android Phone appeared first on Cyber Security News.