A Spynote-like malware has circulated in Russia, capable of secretly unlocking banking apps. Security discussions on the Finance Cyber Security forum highlighted remarks by the President of the Central Bank of the Russian Federation, Elvira Nabiullina, about this threat.
Specifically, the malware disguises itself as harmless software, allowing attackers to monitor the device, capture passwords, and read SMS messages through remote control techniques.
When the deception succeeds, criminals can open a banking app and drain accounts without leaving obvious traces, Nabiullina warned.
The central bank governor described the spread of this type of malware as a dangerous trend. Regulators say that over the past six months, roughly 40 to 50 percent of theft incidents occurred through such schemes.
Some banks have strong protections against these viruses, while others remain exposed. Authorities aim to close gaps quickly, pushing banks to shore up defenses by the end of the quarter.
Additionally, the governor signaled the creation of a dedicated fraud complaint channel by October 2025. Through this channel, users can report fraudulent operations in the banking app and obtain a formal certificate that supports police communication.
What is Spynot?
Spynote is a remote-access trojan designed for stealthy control of mobile devices. It is particularly popular among criminals who harvest payment credentials stored on Android phones. In practice, scammers lure victims with seemingly useful apps that actually install the spyware to steal online banking data.
According to Kaspersky Lab, with such malware, attackers can tailor the attack to the victim’s device, stealing data or attempting financial transactions via remote control. The criminals may persuade users to grant permissions, share screens, or disclose confidential information—an assessment by Kaspersky Lab security expert Sergey Golovanov.
Security researchers note that 2024 saw nearly a ninefold rise in attacks using Spynote and its variants versus 2023. Kaspersky Lab identifies Spynote as one of the top three tools that pose a financial threat to Android users in Russia in 2025.
Save the theft amount
At the same time, the Central Bank of Russia reported that antifraud systems in banks helped prevent about 13.5 trillion rubles in losses in 2024, reflecting roughly 72.17 million attempts by criminals to steal funds.
Nevertheless, criminals still stole about 27.5 billion rubles from customers of credit institutions, a figure that marks a 74 percent decrease from the previous year.
Regulators stressed that the lion’s share of losses comes from funds stolen directly from customers who are individuals.
Nabiullina also commented on gaps in fraud reporting, noting that some cases were not added to consumer fraud registries even when customers were deceived and funds moved. She urged tightening oversight and clearer reporting rules.
She explained that supervisory measures would be used, penalties could be applied to banks when necessary, and that a clearer legal definition of fraudulent actions would help authorities pursue offenders, including actions taken without customer consent.
She noted that many lenders now report fraud incidents in about 85 percent of cases, showing improvement over the prior year. The central bank intends to maintain this effort, focusing on higher data quality from banks that had not reported promptly.