A new campaign has resurfaced in which attackers trick users into downloading SpyNote, a notorious Android Remote Access Trojan (RAT), by hosting fake Google Play Store pages that look almost identical to the real application marketplace.
This activity appears tied to the same actor exposed in April, but researchers note subtle modifications aimed at strengthening the malware’s evasion features.
https://cyberpress.org/android-malware/