Blog Layout
The Cybersecurity Lair™ • June 25, 2024

Latest News | Beware of SpyMax: A Hidden Threat Targeting Telegram on Android

Protect Your Telegram: The Dangers of SpyMax RAT on Android

SpyMax is a Remote Administration Tool (RAT) used by threat actors to exploit Android devices, particularly targeting Telegram users. It masquerades as the Telegram app, and once installed, it requests the user to enable the Accessibility Service. With these permissions, SpyMax acts as a keylogger and collects personal data such as keystrokes, location details, and device movement. This data is then compressed and sent to a Command and Control (C2) server. The C2 server sends back system commands and additional payloads to the infected device, compromising the user's data integrity and confidentiality.


Steps of the Attack


  • Phishing Campaign: The user receives a phishing link disguised as a legitimate download link for Telegram.
  • Download and Installation: The user clicks the link and downloads a malicious APK file named "ready.apk".
  • Impersonation: The installed malware disguises itself as the Telegram app.
  • Request for Permissions: The malware repeatedly asks the user to enable the Accessibility Service.
  • Data Collection: Once permissions are granted, the malware logs keystrokes and collects location data.
  • Data Compression and Transmission: The collected data is compressed and sent to a C2 server.
  • C2 Communication: The C2 server sends back commands and additional malware payloads to the infected device.


Actions to Avoid the Attack


  • Use Reputable Security Software: Install and regularly update security software like K7 Mobile Security to detect and block malware.
  • Download from Trusted Sources: Only download apps from trusted platforms such as Google Play and the App Store.
  • Keep Devices Updated: Regularly update your device to patch known vulnerabilities.
  • Exercise Caution: Be cautious of phishing links and unsolicited download prompts.


Source and further reading.


S, B. (2024, June 25). SpyMax - An Android RAT targets Telegram Users - K7 Labs. K7 Labs. https://labs.k7computing.com/index.php/spymax-an-android-rat-targets-telegram-users/


Fkie, F. (n.d.). SpyMax (Malware Family). https://malpedia.caad.fkie.fraunhofer.de/details/apk.spymax


Reporters, F. (2024, June 16). 2 Malaysians linked to ‘Trojan Spymax’ scam extradited to Singapore. Free Malaysia Today. https://www.freemalaysiatoday.com/category/nation/2024/06/16/2-msians-linked-to-trojan-spymax-scam-extradited-to-singapore/


Share by: