Tuesday, 31 January 2017

On 00:44 by admin   No comments

Cyber criminals prefer targeting Android devices due to its open-source model which means the source code is freely available for anyone to see and use. Lately, there has been an increase in third party apps for Android users but these apps come with a hefty price.

Recently, the IT Security researchers at Zscaler identified some fake apps uploaded by cyber criminals that are infected with an infamous SpyNote RAT (Remote Access Trojan). HackRead first reported on SpyNote in August last year when Palo Alto’s Unit 42 revealed that the Trojan allows attackers to gain remote administrative control of those devices on which users have installed apps in APK format, the process of downloading apps in APK format on Android devices is known as “sideloading” which is only possible if the user has allowed “Unknown Sources” in their security settings.

At this time, SpyNote is not present in Google Play Store, however, researchers at Zscaler have identified several third-party apps that are not only fake but also infected with SpyNote. The names of those apps as identified by Zscaler are:
“Netflix, Whatsapp, YouTube, Video Downloader, Google Update, Instagram, Hack Wifi, AirDroid, WifiHacker, Facebook, Photoshop, SkyTV, Hotstar, Trump Dash and PokemonGo.”
Among the above-mentioned apps, Zscaler researchers have kept their emphases on fake Netflix app being infected with a new variant of SpyNote RAT. According to Shivang Desai of ZScaler, “The iOS and Android apps for Netflix are enormously popular, effectively turning a mobile device into a television with which users can stream full movies and TV programs anytime, anywhere. “But the apps, with their many millions of users, have captured the attention of the bad actors, too, who are exploiting the popularity of Netflix to spread malware.”

Screenshot source: Zscaler

The new variant comes with capabilities to perform actions including reading text messages, viewing contacts, turning on the microphone of an infected device and listening to conversations, recording screen, take screenshots, and send user files to a Command & Control (C&C) set up by cyber criminals.

Full preview of access SpyNote gets on an infected device / Screenshot source: Zscaler


Post a comment