APT / THREAT GROUP

SpyNote

Aliases: 3
Last seen: Mar 17, 2026

Intelligence Profile

According to Cleafy, SpyNote abuses Accessibility services and other Android permissions in order to: collect SMS messages and the contacts list; record audio and screen; perform keylogging activities; bypass 2FA; and track GPS locations.

Threat Analysis

SpyNote is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 3

Also Known As

apk.spynote, SpyNote, CypherRat

External Intelligence

Malpedia: apk.spynote

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.