Categories: Security

Malware Poses As Fake Netflix App To Spy On Users And Steal Data

Cloud security provider Zscaler has uncovered a fake Netflix app which, once downloaded, enables cyber criminals to take control over the device.

The app, which was available through a third party app store, was actually a “well crafted” piece of spyware called SpyNote RAT (remote access Trojan), capable of performing functions such as executing commands on the device and activating the microphone to listen to conversations.

It could also take screen captures, view contacts, read SMS messages and copy files from the device to a Command & Control (C&C) centre.

Netflix spyware

Once installed, the fake app displays the same logo as the legitimate Netflix app from the Google Play Store. However, when it is clicked for the first time the icon actually disappears from the home screen, tricking the user into thinking that it has been deleted.

Using the Services, Broadcast Receivers, and Activities components of the Android platform, SpyNote RAT keeps itself up and running, enabling it to continuously spy on its unsuspecting victims.

“Command execution can create havoc for the victim if the malware developer decides to execute commands in the victim’s device,” writes Shivang Desai on the Zscaler blog. “Leveraging this feature, the malware developer can root the device using a range of vulnerabilities, well-known or zero-day.”

“Uninstalling apps is another function favoured by developers of Android spyware and malware. They tend to target any antivirus protections on the device and uninstall them, which increases the possibility of their malware persisting on the device.”

Desai notes that this particular malware targeting the hugely popular video-streaming app appeared to be “more robust” than most, as it was designed to only function over Wi-Fi.

He also warns that SpyNote RAT is “gaining popularity in the hacking community” and has been found targeting several other popular apps including WhatsApp, YouTube Video Downloader, Instagram and Facebook.

This is not the first time Netflix has been targeted by cyber criminals, as a phishing scam was recently discovered to be targeting credit card details and other personal information of users.

Quiz: Everything you should know about cyber security in 2016

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Gloucester City Council Confirms ‘Cyber Incident’

Council IT services hit by so called 'sleeper' malware, with media reports pointing the finger…

7 hours ago

Gigabyte Broadband Pledge At Risk, Warns Spending Watchdog

UK pledge to close the digital divide of broadband services for urban and rural customers…

9 hours ago

UK To Address Marketing Of High Risk Crypto Investments

British financial watchdog says it will curb the marketing of cryptoassets and other high-risk investments,…

12 hours ago

Tesla Driver Charged With Manslaughter After Autopilot Crash

Criminal charges for the first time in fatal crash involving Tesla's Autopilot, as driver is…

13 hours ago

Airport 5G Towers Switched Off In Temporary Aviation Compromise

AT&T and Verizon agree to temporarily switch off 5G towers near certain airports, as operators…

15 hours ago