Cybercriminals are always on the attack, looking for new ways to rip us off. That makes it more important than ever to keep your guard up to try and stay ahead of these thieves.
One thing fraudsters especially like to do is target people who use popular sites and apps. That’s why you need to know about the latest Netflix scam.
Researchers with Zscaler recently discovered malware hidden inside a fraudulent Netflix app. This fake app was created with the SpyNote Trojan builder, which first appeared on the Dark Web in 2016.
How this Netflix malware impacts you
After downloading this fake app, an icon that looks like the real Netflix logo appears on the victim’s gadget. When this icon is clicked, the logo disappears, making it seem like the app was removed from the device.
What’s actually happening is, a Remote Access Trojan (RAT) is installed. RAT malware allows a hacker to take over your gadget completely.
The scammer can copy files from your gadget and send them to its Command and Control (C&C) center, view a list of your contacts and steal all of your text messages.
Even creepier is the fact that they could activate the gadget’s microphone and listen in on your conversations. They could also take pictures or screen captures without you knowing about it.
The criminal is able to execute commands from the victim’s gadget. This means the thief can uninstall apps, along with antivirus protections, from your device. This makes it more likely the malware will stick around on the infected gadget.
This fraudulent app was not found in the Google Play Store and has nothing to do with the legitimate Netflix app. It was only available in third-party app stores for Android users.
The malware has only been discovered in the fake Netflix app, as of now. Zscaler researchers say this threat could expand to others in the very near future.
If you want the Netflix app, make sure it does not come from a third-party app store. That is too much of a risk.
How to avoid malicious apps
Here are some ways to avoid being infected by a malicious app:
- App stores – Stay away from third-party app stores. There have been a few examples of malicious apps in the Google Play Store and Apple’s App Store, but they are very rare. Third-party app stores do little vetting of apps, making it easier for scammers to spread malware there.
- Check the apps’ developer – Verifying the name of the app developer is important. Copycat apps will have a different developer’s name than the actual one. Before downloading an app, do a Google search to find the original developer.
- Reviews – Most of the popular apps will have reviews by other users in the app store. You can sometimes find reviews by experts online. These are helpful at pointing out malicious or faulty apps. If you find a review warning the app is malicious, do NOT download it.
- Update your gadget – Make sure that you have downloaded the latest security and operating system updates. These updates usually include patches to help protect your device from the most recent threats.