Android SpyMax Spyware Alert: Total Control Malware Masquerades as Government App

A sophisticated Android spyware campaign has surfaced, posing as the official app of the Chinese Prosecutor's Office. Dubbed SpyMax, the malware belongs to the SpyNote family and can take over nearly every function of an Android device. It does not rely on an exploit: it combines deceptive user-interface tricks with abuse of Android's accessibility services.

  • The spyware is distributed under the name "检察院" ("Procuratorate", the Chinese prosecutor's office), mainly through third-party app stores rather than Google Play.
  • Once the user grants the requested permissions (in particular accessibility access), SpyMax can read messages and call logs, track GPS location, and record from the microphone and camera, and it keeps running silently even when the screen is off.
  • Its capabilities include encrypted data exfiltration, remote command execution, and real-time remote control over HTTPS.
  • Its infection chain is social engineering: fake HTML screens mimic the Android accessibility-settings UI and walk the user into enabling the malicious accessibility service and other dangerous permissions.
  • Animated, official-looking overlay screens hide the system's own warning dialogs and show fake confirmation prompts in their place.
  • It gates its activity on device state (screen on or off, battery level, network connectivity), which reduces the chance that the user notices anything unusual.
  • Stolen data is categorized, encrypted, and sent to the attacker's C2 server (IP: 165.154.110.64); local traces are then wiped to hinder detection.
  • Once installed, it hands the attacker full remote access; victims risk unauthorized banking transactions, ongoing surveillance, and SMS fraud.
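
The indicators above (a side-loaded install, an accessibility service that should not be there, and traffic to the listed C2 address) can all be checked on a device over adb. The triage script below is an added example written for this page, not code from the original alert or from Net Protector. The command output it parses is constructed to look like the output of `pm list packages -i`, `settings get secure enabled_accessibility_services` and `netstat -tun`; the package name com.example.fakeprosecutor and the MDM agent package are hypothetical; and the trusted-installer and accessibility allow-lists are assumptions you would adapt to your own fleet.

```python
"""Triage helpers for the SpyMax indicators in the alert above.

Added example for this page; adb output below is constructed, not captured
from a real device. Package names other than Chrome, TalkBack and the Play
Store are hypothetical.
"""
import re
from typing import Dict, List, Optional, Set, Tuple

# C2 address reported in the alert.
C2_IPS = {"165.154.110.64"}

# Assumptions for a managed fleet: installs are expected only from these stores.
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}
# Assumptions: only TalkBack and the (hypothetical) MDM agent may hold accessibility access.
ALLOWED_A11Y_PACKAGES = {"com.google.android.marvin.talkback", "com.example.mdmagent"}

# --- constructed sample output, shaped like `adb shell pm list packages -i` ---
SAMPLE_PACKAGES = """\
package:com.android.chrome  installer=com.android.vending
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.mdmagent  installer=com.android.vending
package:com.example.fakeprosecutor  installer=null
"""
# --- constructed, shaped like `adb shell settings get secure enabled_accessibility_services` ---
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.fakeprosecutor/.RemoteAccessService")
# --- constructed, shaped like `adb shell netstat -tun` (203.0.113.5 is a TEST-NET address) ---
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.23:51742         203.0.113.5:443         ESTABLISHED
tcp        0      0 10.0.0.23:51790         165.154.110.64:443      ESTABLISHED
udp        0      0 10.0.0.23:68            10.0.0.1:67             ESTABLISHED
"""

_PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")
_ADDR_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")


def parse_installers(pm_output: str) -> Dict[str, Optional[str]]:
    """Map package -> installer package. 'null' (side-loaded or adb-installed) becomes None."""
    result: Dict[str, Optional[str]] = {}
    for line in pm_output.splitlines():
        m = _PKG_RE.match(line.strip())
        if m:
            pkg, installer = m.groups()
            result[pkg] = None if installer == "null" else installer
    return result


def parse_a11y_services(setting: str) -> List[Tuple[str, str]]:
    """Split the colon-separated 'pkg/service' list into (package, service) pairs."""
    pairs: List[Tuple[str, str]] = []
    for entry in setting.strip().split(":"):
        if not entry or entry == "null":
            continue
        pkg, _, svc = entry.partition("/")
        pairs.append((pkg, svc))
    return pairs


def parse_remote_peers(netstat_output: str) -> Set[str]:
    """Collect foreign IPv4 addresses from netstat-style output (5th column)."""
    peers: Set[str] = set()
    for line in netstat_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        m = _ADDR_RE.match(cols[4])
        if m:
            peers.add(m.group(1))
    return peers


def triage(pm_output: str, a11y_setting: str, netstat_output: str) -> List[str]:
    """Return human-readable findings; an empty list means none of the indicators matched."""
    findings: List[str] = []
    installers = parse_installers(pm_output)
    # 1. Accessibility services outside the allow-list: the permission SpyMax abuses.
    for pkg, svc in parse_a11y_services(a11y_setting):
        if pkg not in ALLOWED_A11Y_PACKAGES:
            origin = installers.get(pkg) or "side-loaded/unknown"
            findings.append(f"accessibility service {pkg}/{svc} not allow-listed (installer: {origin})")
    # 2. Apps that did not come from a trusted store (the alert's distribution channel).
    for pkg, installer in installers.items():
        if installer not in TRUSTED_INSTALLERS:
            findings.append(f"package {pkg} installed from untrusted source ({installer or 'null'})")
    # 3. Live connections to the C2 address named in the alert.
    for ip in sorted(parse_remote_peers(netstat_output) & C2_IPS):
        findings.append(f"active connection to known SpyMax C2 {ip}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_PACKAGES, SAMPLE_A11Y, SAMPLE_NETSTAT):
        print("FINDING:", finding)
```

Run it against real output by piping `adb shell pm list packages -i`, `adb shell settings get secure enabled_accessibility_services` and `adb shell netstat -tun` into the three parameters. The accessibility check is the one worth acting on first: an unexpected package holding that permission is exactly what the fake settings screens in this campaign are designed to obtain, and it is far rarer on a healthy device than a side-loaded app.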

SpyMax is a stark reminder of how capable mobile spyware campaigns have become. Never install apps from untrusted sources, and treat any in-app screen that looks like a system permission or accessibility prompt with suspicion; genuine Android settings open in the Settings app, not inside the app asking for access. Organizations should deploy mobile endpoint protection, restrict installs to approved app stores through device management, audit which apps hold accessibility access, block traffic to the C2 address listed above, and educate staff on mobile phishing. At Net Protector Cyber Security, we remain committed to identifying and neutralizing threats like SpyMax to ensure complete mobile defense.