While no official statement has been released as to how the malware variants are spreading, it can be assumed that these are likely spreading through phishing campaigns and malicious websites. From an enterprise level, the best course of action to take to prevent against this malware would be to educate end users on the best practices to take when browsing the internet, to verify application legitimacy, and to read application reviews prior to installation. Applications should also only be downloaded from trusted app stores. Additionally, it would be advised to follow best practices when forming a BYOD policy, ensuring that end users are connecting to guest wifi or another segmented network that can be monitored. Additionally, as this malware provides means to bypass MFA, organizations should implement a defense in depth strategy. It is recommended to monitor for suspicious logins and MFA attempts, such as monitoring logins from another country.
https://www.bleepingcomputer.com/news/security/spynote-android-malware-infections-surge-after-source-code-leak/
