UPDATED 00:21 EST / JANUARY 27 2017

APPS

Fake Netflix app comes complete with trojan that spies on users

Security firm Zscaler Inc. has found a fake Netflix app that installs a remote-access malware onto the devices of those who install it.

The app is a skinned version of the SpyNote RAT that can monitor a victim’s communications, including the ability to activate both a microphone and any built-in camera on an infected device.

In addition, SpyNote also uninstalls antivirus software, copies files from the device to the hacker’s server, views contacts, reads SMS messages and last, but certainly not least, can gain remote control of the infected device.

“The spyware in this analysis was portraying itself as the Netflix app. Once installed, it displayed the icon found in the actual Netflix app on Google Play,” Zscaler’s Shivang Desai explained in a blog post. “As soon as the user clicks the spyware’s icon for the first time, nothing seems to happen and the icon disappears from the home screen. This is a common trick played by malware developers, making the user think the app may have been removed. But, behind the scenes, the malware has not been removed; instead it starts preparing its onslaught of attacks.”

SpyNote RAT differs from similar forms of trojan viruses by using the unusual method of tapping into the Services, Broadcast Receivers, and Activities components of the Android platform, meaning that it is able to run operations in the background without the need for user interaction.

“Command execution can create havoc for [the] victim if the malware developer decides to execute commands in the victim’s device,” Desai added. “Leveraging this feature, the malware developer can root the device using a range of vulnerabilities, well-known or zero-day.”

Desai advises hat the best way to avoid becoming infected from fake apps that include SpyNote RAT  is to avoid side-loading apps from third-party app stores and avoid the temptation to play games that are not yet available on Android.

Image credit: Starkus01/Wikimedia Commons/CC SA 4.0

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU