Fake Netflix App Hacks Smartphones
By Mark Phillips ¦ Blog.TotalAV.com ¦ Updated 20th April 2017, 07.31 EDT
Like many of the world’s leading streaming services, Netflix has a hugely popular app available to its many users. But hackers have been preying on users who are quick to download and install apps without double-checking for developer authenticity. Cyber security professionals have recently discovered a phony Netflix app, which, once introduced to a mobile device, can become extremely invasive by spying on day-to-day activities.
Because the app gains access to a host of device features, including the camera, microphone and SMS messages, hackers can potentially listen to conversations and even take compromising photos of the device’s unsuspecting owner. Security experts at Zscaler refer to the app as “SpyNote RAT”, describing it as “a well-crafted piece of spyware.”
“The iOS and Android apps for Netflix are enormously popular, effectively turning a mobile device into a television with which users can stream full movies and TV programmes anytime,” stated Shivang Desai, a Zscaler security researcher.
Desai believes that mainstream official apps, such as Netflix, are attracting the attention of hackers who wish to silently exploit users by spreading malware via unassuming means: the fake app. When the app is downloaded from an unofficial source, as opposed to a trusted site such as Google Play, users are vulnerable to attack. Malicious Trojan software then gains entry to the device behind the veil of what was believed to be the official app. If the user attempts to open the icon, it will disappear from the home screen, which may lead users to believe it has been deleted.
In reality, the app is very much alive, and now capable of launching inconspicuous attacks. With security breached, anonymous hackers can activate the device’s microphone to listen to live conversations, control the device by copying files to a Command & Control centre, take intimate snaps, and view contacts and SMS messages.
So, the message from experts couldn’t be clearer: downloading apps from non-official sites can immediately threaten device security and privacy. Furthermore, all apps, even if available from an official app store, should still be double-checked for total authenticity.
According to analyst Jacob Soo of Palo Alto Networks: “Those [third-party] sources often lack the governance provided by official sources such as the Google Play Store, which, even with detailed procedures and algorithms to weed out malicious applications, is not impregnable.”