Zscaler, a cloud security provider, discovered a fake version of the Netflix app on third party app stores that compromises security using mobile app security testing. Zscaler has advised all mobile users to download Netflix from the authorised Apple app store and Google Play Store.

The malicious app contained spyware, named as SpyNote RAT (Remote Access Trojan), that showed after mobile app security testing. This spyware undermines mobile security via stealing the user’s information, reading SMS messages, viewing contacts, copying device files to a Command and Control Center, executing commands on the device, activating the microphone and listening to real time conversations.

When a user installs the fake Netflix app, the spyware app, for all intents, and purposes seems to be the Netflix app. When the user clicks on the icon for the first time, the icon disappears and nothing appears to happen. The user might think that the app has failed to install, however, now the spyware has bypassed device security and starts preparing its attacks.

When contacting the Command and Control server, the spyware makes use of Free DNS services. It also ensures that it continues to spy on the mobile device and does not stop doing so by using the broadcast receivers, services, and activities components of Android.

If the hacker decides to run commands on the victim’s device, the hacker is able to root the device.

SpyNote RAT can also take screen shots and listen to live audio conversations around the device by turning its microphone on, something that it was already given permission for when the app was being downloaded. The app was also observed to be stealing SMS, gathering contact details and uninstalling apps. It also only works over WiFi, in order to easily send files to the C & C center.

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.