Android users need to be wary as a fake app that can steal precious data is on the prowl.

According to cybersecurity experts, SpyNote dupes people into believing that they are using popular apps. The malware poses as the Netflix app but is actually stealing data from one's mobile device, leaving it susceptible to cyberattacks.

The spyware was discovered by the ThreatLabZ team of Zscaler, the cloud security firm, which shared that SpyNote is essentially a Remote Access Trojan or RAT.

"Android apps for Netflix are enormously popular [...] but the apps, with their many millions of users, have captured the attention of the bad actors who are exploiting the popularity of Netflix to spread malware," shared Shivang Desai, a researcher with Zscaler.

Fake Netflix App: How Does It Operate?

The fake Netflix app reportedly builds on spyware code that leaked in 2016. It apparently uses an updated variant of the SpyNote RAT build.

While this build is not available to the public yet, that may soon change according to experts. The research team revealed that the spyware mimicked the Netflix app. Once a user installed it, the spyware displayed the same icon as the original Netflix app on the Google Play Store. This duped users into believing it was the real deal.

When the user clicks on the icon of the spyware the first time, nothing happens. The icon automatically vanishes from the smartphone or tablet's home screen.

This trick from malware creators is not uncommon, as a user is led into believing that the fraudulent app has been removed for some reason. However, unknown to the user, the spyware is still functioning covertly and is preparing to start the attacks.

How does the SpyNote RAT continue to run and spy, you wonder? It uses "Services, Broadcast Receivers, and Activities components of the Android platform."

Basically, Services can perform background operations for a long period and do not require a UI for the purpose. Broadcast Receivers, on the other hand, are Android components that can register themselves for a specific event. Lastly, Activities are pivotal to the navigation of an app.

How Dangerous Is SpyNote?

SpyNote will not be playing one's favorite Netflix shows, but it will equip hackers with the ability to activate the device's microphone and listen to a user's live conversations. The hackers will also be able to snoop on a user's text messages, record screen captures, view files stored on the mobile device, as well as spy on the contact list.

The malware can enable "command execution," which allows the developer of the spyware to send remote instructions to the compromised device. SpyNote can also work over Wi-Fi, as it is the preferred medium for the malware to send files to the attacker.
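The traits described above (a borrowed brand name, background components, and access to the microphone, texts and contacts) are all visible in an app's manifest. The following triage check is an added example, not code from the article or from Zscaler; it assumes the manifest has already been decoded to text with a literal app label, and the official package names, the permission mapping and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Official package names (assumption: from Google Play listings, not the article).
OFFICIAL = {"netflix": "com.netflix.mediaclient", "whatsapp": "com.whatsapp",
            "instagram": "com.instagram.android",
            "pokémon go": "com.nianticlabs.pokemongo"}
# Android permissions that gate the capabilities the article describes.
SENSITIVE = {"android.permission.RECORD_AUDIO": "microphone",
             "android.permission.READ_SMS": "text messages",
             "android.permission.READ_CONTACTS": "contact list"}

def triage(manifest_xml):
    """Return a list of findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    label = app.get(A + "label", "").lower() if app is not None else ""
    findings = []
    # A label borrowing a well-known brand under a different package name.
    for brand, official in OFFICIAL.items():
        if brand in label and package != official:
            findings.append(f"label claims {brand} but package is {package}")
    for perm in root.iter("uses-permission"):
        name = perm.get(A + "name")
        if name in SENSITIVE:
            findings.append(f"requests access to {SENSITIVE[name]}")
    # Services plus event-driven receivers keep code running with no visible UI.
    if app is not None:
        services = app.findall("service")
        events = [a.get(A + "name") for a in app.iterfind("receiver/intent-filter/action")]
        if services and events:
            findings.append(f"{len(services)} service(s); receivers listen for: {', '.join(events)}")
    return findings

# Constructed sample manifest for illustration; not taken from a real sample.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Netflix">
    <service android:name=".BackgroundService"/>
    <receiver android:name=".EventReceiver"><intent-filter><action
        android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter></receiver>
  </application>
</manifest>"""
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

No single finding is conclusive, since legitimate apps also use services and receivers; the combination with a mismatched brand label is what merits a closer look.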

How Does It Spread?

It is important to remember that SpyNote is in no way linked to the genuine Netflix app. It is able to spread only through third-party marketplaces.

Can It Mimic Other Apps As Well?

The researchers discovered nearly 120 different spyware versions that are based on the leaked build and believe that the source code is quickly becoming popular with hackers. They also believe that SpyNote RAT is able to pose as various other popular apps such as Instagram, Pokémon GO, and WhatsApp.

Photo: Davide Restivo | Flickr  
