Back in 2017 we published a report on new mobile threats and describing the global trends regarding financial malware. One of those we highlighted was the increase of RAT samples in the Android ecosystem. Almost two years have passed, and here we are: RAT malware is widespread in the wild!

Over the last couple of months, we have observed several cases appearing in our southern Europe clients network and mainly financial institutions. Fortunately, we have been able to identify and remove them before any damage could be done. Our technology included in the mobile apps of our clients analyses the behaviour of other apps installed in the device. This information is then analyzed by our AI-driven server component to recognize and categorize malware threats. We were able to detect several samples known as Spynote exemplars.

Spynote is a malware family that has been around for a while (first appeared back in 2016). This malware has improved its effectiveness over the years, offering critical capabilities that can impact user’s privacy, intercept credentials or reset accounts relying on the SMS and phone capabilities (to cite few possibilities).

It is vital for our clients to quickly notify the customer about this threat and promptly block any following fraudulent activity. Thanks to our technology they can perform these activities in real time, as soon as the danger is detected.
Removing threats and letting your customers feel safe using sensitive services is part of the value we provide at XTN.

For further information contacts us at or visit