SpyNote is usually distributed through deceptive techniques, such as impersonating legitimate applications (like "Avast Mobile Security") or via malicious links in emails and text messages.
The code frequently contains checks to determine if it is running inside an emulator or a sandbox environment used by security researchers. If an emulator is detected, the malware may alter its behavior or cease functioning entirely. spynote v64 github 2021