Netflix fans are threatened by a SpyNote RAT

We have been aware of SpyNote, a remote access Trojan, targeting mobile devices and attempting to gain administrator rights in it ever since 2016. Dozens of diverse, recreational and valuable programs are available in a Google Play Store which is the main source of apps. In the midst of reliable tools that will brighten up your day while juggling regular arrangements and responsibilities of life, security experts detect imposter applications that pretend to provide note-worthy services. SpyNote RAT presents itself as a Netflix app and uses the main logo to appear legitimate. The latter Trojan exploits this deceptive tactic of impersonating Netflix under a pretense to reach mobile devices and gain control over them. Since Android owners will be convinced that this is the legitimate version of Netflix, they won’t sense any danger of letting a RAT in and serving its favorite cheese for dinner.

As a matter of course, users that were mislead to download the fabricated version of Netflix will immediately follow their natural desire of checking it out. Netflix icon is going to be placed in the home screen and patiently await for the time to launch. After user clicks on the installed application, nothing new appears in the screen and the icon itself simply vanishes into thin air. After feeling of confusion passes, user might assume that something went wrong and Netflix was deleted. Sadly, situation differs from these assumptions.

SpyNote RAT does not go anywhere: it won’t leave your device that easily. If this imposter slips into a device that is protected by a security tool, RAT will presumably weaken its activity. Trojan shows loyalty to its creators by contacting them via C&C server and informing them about a newly infected machine. Then, the control is handed to the hackers, responsible for SpyNote. A one small flaw can disrupt cyber criminals’ plans: infected device has to be connected to a WI-FI network: only then monitoring can be successfully implemented.

SpyNote RAT is a real threat to mobile owners as it has the capacity of obtaining information that should remain personal. Basically, content that is stored in the infected device becomes obtainable by hackers. They can become aware of almost anything, you name it: your contact lists, messages, steal files, install other malicious apps, turn on your microphone or camera and listen to your phone calls. Quite frightening, right? Don’t allow hackers to spy on your personal affairs: download applications from Google Play Store extremely cautiously. Many popular apps have fabricated versions: always try to discover the legitimate one that is not a variant of SpyNote RAT or other Trojan.

Sources: infosecurity-magazine.com, threatpost.com.