Cybersecurity experts are warning Android users to be on the lookout for a fake Android application that mimics popular video streaming service Netflix but in reality will leave your smartphone or tablet wide open to attack from cybercriminals.
Discovered and analysed in detail by researchers from cybersecurity firm Zscaler, the malicious software is a type of Remote Access Trojan (RAT) that builds on a piece of spyware code first leaked online last year. It is not yet circulating in public but that will soon change, the experts stated.
Dubbed SpyNote, it will not play the latest episode of your favourite TV show but will give hackers the ability to use the microphone to listen in on your conversations in real time, read text messages, snoop on your contact lists and steal any files stored on the device.
"Android apps for Netflix are enormously popular [...] but the apps, with their many millions of users, have captured the attention of the bad actors who are exploiting the popularity of Netflix to spread malware," said Zscaler researcher Shivang Desai.
SpyNote is not related to the genuine Netflix service and, at the time of writing, is only able to spread via third-party marketplaces. But despite the clear dangers often associated with such sources, many users are still enticed by the promise of free or as-yet unreleased apps.
After installation by an unwitting victim, it mirrors the icons used by the official app. Once clicked, however, it completely disappears from the home screen.
"This is a common trick played by malware developers, making the user think the app may have been removed. But, behind the scenes, the malware has not been removed; instead it starts preparing its onslaught of attacks," Desai said.
One of the most dangerous attacks it enables is called "command execution", which allows the spyware developer to remotely send instructions to the victim's device. The app is also designed to only work over WiFi, the preferred way for malware to send files to the hacker.
Zscaler researchers found roughly 120 separate versions of spyware based on the same leaked source code and said it appears to be rapidly gaining popularity in the hacker community. Furthermore, it can now mimic other apps, including WhatsApp, Instagram and Pokémon Go.
"Because mobile devices are everywhere, malware is everywhere, too," Desai said. He added: "The days when one needed in-depth coding knowledge to develop malware are long gone. Nowadays, script kiddies can build a piece of malware that can create real havoc."
Recently, another piece of Android-based source code was leaked on an underground forum. Named BankBot, it can stealthily infiltrate targeted devices to hijack personal details, snoop on text messages in real time and steal banking credentials.