Fake Netflix, WhatsApp, Facebook Android Apps Contain SpyNote RAT


To protect Android devices from SpyNote RAT; users should not download apps from a third-party store.

Cyber criminals prefer targeting Android devices due to its open-source model which means the source code is freely available for anyone to see and use. Lately, there has been an increase in third party apps for Android users but these apps come with a hefty price.

Recently, the IT Security researchers at Zscaler identified some fake apps uploaded by cyber criminals that are infected with an infamous SpyNote RAT (Remote Access Trojan). HackRead first reported on SpyNote in August last year when Palo Alto’s Unit 42 revealed that the Trojan allows attackers to gain remote administrative control of those devices on which users have installed apps in APK format, the process of downloading apps in APK format on Android devices is known as “sideloading” which is only possible if the user has allowed “Unknown Sources” in their security settings.

At this time, SpyNote is not present in Google Play Store, however, researchers at Zscaler have identified several third-party apps that are not only fake but also infected with SpyNote. The names of those apps as identified by Zscaler are:

“Netflix, Whatsapp, YouTube, Video Downloader, Google Update, Instagram, Hack Wifi, AirDroid, WifiHacker, Facebook, Photoshop, SkyTV, Hotstar, Trump Dash and PokemonGo.”

Among the above-mentioned apps, Zscaler researchers have kept their emphases on fake Netflix app being infected with a new variant of SpyNote RAT. According to Shivang Desai of ZScaler, “The iOS and Android apps for Netflix are enormously popular, effectively turning a mobile device into a television with which users can stream full movies and TV programs anytime, anywhere. “But the apps, with their many millions of users, have captured the attention of the bad actors, too, who are exploiting the popularity of Netflix to spread malware.”

Screenshot source: Zscaler


The new variant comes with capabilities to perform actions including reading text messages, viewing contacts, turning on the microphone of an infected device and listening to conversations, recording screen, take screenshots, and send user files to a Command & Control (C&C) set up by cyber criminals.

Full preview of access SpyNote gets on an infected device / Screenshot source: Zscaler

After installing, once the app is tapped to open it shows a blank window and removes itself from the screen tricking users into believing the app has been removed from the devices but actually it runs from the background to carry its malicious attack. It must be noted that there are several other fake apps currently infected with malware including Super Mario Run and Pokémon Go.

How to protect your device from malware: 

To protect your Android device from malware and RATs like SpyNote; users must never download apps from a third-party store and only use Google Play Store to download apps. Also, never click on a link sent by an unknown contact in an SMS or email message and don’t forget to go through our 7 easy tips to strong Android security against hacks. Stay safe online.


Please enter your comment!
Please enter your name here

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.