The most recent commit to the repository was made on June 26, 2023, and the repository has 4 commits in total. While the repository itself has not seen recent activity, the malware it distributes continues to appear in active threat campaigns, as documented by multiple cybersecurity research firms throughout 2024 and 2025.
: To bypass security evaluations like Google Play Protect, the malware is never available on the official Google Play Store and must be manually installed from third-party sources. Development History and GitHub Presence
Upon installation, the application often hides its launcher icon, making it difficult for everyday users to notice or uninstall.
is a highly sophisticated and controversial Android Remote Access Trojan (RAT) that has gained massive traction across open-source hosting platforms like GitHub . While originally designed as a powerful monitoring utility, its source code leaks and active forks on GitHub repositories have turned it into a primary tool for both cybersecurity researchers analyzing mobile threats and malicious actors deploying spyware.
It intercepts incoming and outgoing SMS messages, views call history, and can even send unauthorized SMS messages from the victim's number.
: The malware can track the victim’s real-time location by accessing GPS data, enabling physical surveillance and stalking.
is one of the most notorious Remote Access Trojans (RATs) targeting the Android operating system. While initially developed as a commercial or leaked hacking tool years ago, its source code and cracked server builders frequently resurface across open-source platforms like GitHub . Security repositories, such as the 4btin/SpyNote-v6.4 GitHub repository , highlight ongoing community tracking, source leaks, and analysis of this threat.
Only download applications from official marketplaces like the Google Play Store, which utilizes Google Play Protect to scan for known SpyNote signatures.
While these permissions alone do not guarantee malicious behavior, their combination—particularly when requested by applications masquerading as simple utilities like a translator or email client—is highly suspicious.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.