The Trojan app is called SpyNote and allows hackers steal user messages and contacts, listen to their calls, record sound using the device's built-in microphone, control the camera, and much more.
According to researchers from Palo Alto Networks, SpyNote does not require access root on a device, but prompts users to a long list of installation rights. Trojan can also be done automatically Update and install others malicious applications to the device.
But it is not clear how attackers intend to distribute it to the victims, because researchers have not yet observed any attack. However, with SpyNote Builder's release, it is very likely that an attack will soon be detected.
The builder is an application of Windows which can be used to create customized versions of it malware SpyNote APK (application package Android). Attackers can modify parameters such as the application's name, icon, and command server.
Most malicious applications Android is distributed by third party websites and installed on devices from "unknown sources". This feature is disabled by default on Android devices.
Another possibility is to install it manually Trojan application in an unattended device. There have been cases where users have received pre-infected devices as gifts from people who wanted to spy on them.
Newer versions of Android have features anti-malware such as Verify Apps and SafetyNet that can detect and block known malware applications.
As a general rule, installing applications from third-party sources can be very dangerous - these sources often lack the governance provided by official sources, As the Google Play Store, which, even with detailed procedures and algorithms to eliminate malicious applications, is not impregnable.