Powerful Android RAT impersonates Netflix app

Mobile malware peddlers often make their malicious wares look like popular Android apps and push them to users through third-party app stores. The latest example of this is the fake Netflix app spotted by Zscaler researchers.

The fake app looks genuine at first glance, as it sports the same icon the legitimate Netflix app uses. But once it is installed on a smartphone or tablet and the victim taps it, the icon vanishes from the home screen. Most users will think the app has been removed because of a glitch, and will likely abandon the attempt to watch Netflix on the mobile device.

But the app hasn’t vanished – it is simply hiding. It’s actually a Remote Access Trojan (RAT), based on the SpyNote Android RAT builder that’s been freely distributed on several underground hacker forums since last summer.

In fact, according to Zscaler, there are many RATs out there based on the same builder, and they are hidden in apps posing as popular legitimate apps: WhatsApp, YouTube Video Downloader, Google Update, Hack Wifi, AirDroid, SkyTV, Pokemon GO, and so on.

“We found that in just the first two weeks of 2017, there have been more than 120 such spyware variants already built using the same SpyNote Trojan builder as SpyNote RAT and roaming in the wild,” the researchers noted.

“The days when one needed in-depth coding knowledge to develop malware are long gone. Nowadays, script kiddies can build a piece of malware that can create real havoc. Moreover, there are many toolkits like the SpyNote Trojan builder that enable users to build malware with ease and few clicks.”

What this malware does and how to stay protected

In the particular case of the fake Netflix app, the malware is capable of taking screenshots, activating the microphone in order to listen in on victims, viewing contacts, viewing and sending messages, copying files from the device to a C&C server, executing commands on the device (and rooting it), uninstalling other apps (e.g. security apps), and collecting info about the device’s location.

Users are advised to avoid side-loading apps from third-party app stores and to avoid the temptation to play games that are not yet available on Android.

“You should also avoid the temptation to play games from sources other than legitimate app stores; such games are not safe and may bring harm to your reputation and your bank account,” malware researcher Shivang Desai pointed out.