Fake WhatsApp, Netflix, Facebook Android Apps Contain SpyNote RAT

Due to its open source nature, hackers are recently targeting Android devices more as the source code is freely available for anyone who is interested in to have a look. Recently we can see a huge increase in the third party apps for the Android users but these do come with a price.

Recently, IT Security researchers at the Zhavscaler have identified many fake apps that are uploaded by hackers and cyber criminals. These apps are infected with SpyNote RAT (Remote Access Trojan). The website HackRead has reported on SpyNote in August last year back when Palo Alto’s Unit 42 revealed that their Trojan allows the hackers to gain remote administrative control of those devices upon which the users have installed applications in the APK format, process of downloading apps in APK format on Android devices is also known as “sideloading” which is only possible if you allowed “Unknown Sources” in the security settings.

“Netflix, Whatsapp, YouTube, Video Downloader, Google Update, Instagram, Hack Wifi, AirDroid, WifiHacker, Facebook, Photoshop, SkyTV, Hotstar, Trump Dash and PokemonGo.”

Among all the above-mentioned apps, the Zscaler researchers have put their interest on fake Netflix app that is being infected with a new variant of the SpyNote RAT. According to the Shivang Desai of ZScaler, “The Android apps and iOS for Netflix are very popular, properly turning a mobile device into a television using which users can stream TV programs and movies anytime and anywhere. “But these apps, with their popularity and many millions of users, have captured attention of the bad actors, too, who are now exploiting the popularity of Netflix to spread their malware.”

The new variant comes with capabilities to perform actions including viewing contacts, reading text messages, turning on the microphone of an infected device, recording screen, listening to conversations, send user files to a Command & Control (C&C) set up by cyber criminals and take screenshots.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA