Security experts have discovered a new version of the SpyNote Trojan that poses as a legitimate Netflix Android app. Continue reading to find out more about it.
SpyNote Android Trojan Malware Imitates Netflix
Android security experts have discovered a new version of the SpyNote Trojan, which this time poses as a legitimate Netflix app for the mobile operating system. Once installed, the malware gives the remote attackers full control of the infected device, including file transfer, contact retrieval, eavesdropping and command execution. This extensive feature set allows the operators to root the device and cause a range of harmful effects. Some of the dangerous scenarios include the following:
Eavesdropping – The criminals can harvest and listen to any active communications and messages.
Sensitive File Retrieval – The attackers can download any file from the infected device.
Further Infections – The SpyNote Trojan can be used to load additional malware onto the device.
Remote Arbitrary Command Execution – The attackers can execute any command on the infected devices.
Botnet Recruitment – It is possible that the infected devices can be recruited into a large botnet network.
When the user opens the app, its icon disappears from the home screen. At the same time the remote command and control servers are contacted to report the infection. The app can also uninstall any security software it detects in order to evade detection.
During their analysis the experts found that the Trojan can take screenshots of the device and record audio conversations. The recorded contents are saved in a video file that is sent back to the attackers. SMS messages and contact lists are also harvested. To operate the Trojan needs a Wi-Fi or mobile network connection, which it uses to transmit the stolen data and to receive commands from the remote operators. The Trojan can also collect information about running apps and change the device's network connectivity settings.
The new strain has not yet been used in large-scale attack campaigns. The primary distribution method is to repackage legitimate apps with the malware. The infected installers can then be uploaded to a variety of third-party app repositories, and stolen developer names can also be used to get them into the Google Play store.
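The behaviours described above (audio recording, SMS and contact harvesting, changing network connectivity, hiding the launcher icon, resisting removal, and a Netflix label on a package that is not Netflix) can be turned into a simple triage heuristic for sideloaded packages. The following Python example is added here and is not code from the article or from the researchers who analysed the sample. It assumes that the real Netflix app ships under the package id com.netflix.mediaclient, the scoring weights and threshold are our own choice, and the package records it scores are constructed for illustration. The permission strings are real Android permission names; how the metadata is collected (for example from the package manager of a test device) is left to the reader.

```python
"""Triage heuristic for Android package metadata, modelled on the SpyNote
behaviours described in the article. Added example, not the article's code."""
from dataclasses import dataclass
from typing import Optional

# Assumption (not stated in the article): the package id the genuine Netflix
# app uses. Extend this table for other brands that get impersonated.
KNOWN_BRAND_PACKAGES = {"netflix": {"com.netflix.mediaclient"}}

# Real Android permission names mapped to the capability they enable.
# Each match adds one point; the mapping and weights are our own.
CAPABILITY_PERMISSIONS = {
    "android.permission.RECORD_AUDIO": "records audio conversations",
    "android.permission.READ_SMS": "reads SMS messages",
    "android.permission.READ_CONTACTS": "reads the contact list",
    "android.permission.READ_EXTERNAL_STORAGE": "can read user files for exfiltration",
    "android.permission.CHANGE_WIFI_STATE": "can alter Wi-Fi connectivity",
    "android.permission.CHANGE_NETWORK_STATE": "can alter network connectivity",
    "android.permission.GET_TASKS": "enumerates running apps",
    "android.permission.REQUEST_DELETE_PACKAGES": "can ask to uninstall other apps",
}

PLAY_STORE_INSTALLER = "com.android.vending"
SUSPICIOUS_THRESHOLD = 5  # our own cut-off for the constructed scoring


@dataclass
class PackageRecord:
    package: str
    label: str
    permissions: set
    launcher_component_enabled: bool  # False once the app disables its own launcher icon
    device_admin: bool                # declares a device-admin receiver (resists uninstall)
    installer: Optional[str]          # None for a sideloaded APK


def impersonated_brand(record: PackageRecord) -> Optional[str]:
    """Return the brand the label mimics if the package id is not one that brand uses."""
    label = record.label.lower()
    for brand, packages in KNOWN_BRAND_PACKAGES.items():
        if brand in label and record.package not in packages:
            return brand
    return None


def triage(record: PackageRecord):
    """Score one package and explain each point; returns (verdict, score, reasons)."""
    score, reasons = 0, []
    for perm in sorted(record.permissions & set(CAPABILITY_PERMISSIONS)):
        score += 1
        reasons.append(f"{perm}: {CAPABILITY_PERMISSIONS[perm]}")
    if record.device_admin:
        score += 2
        reasons.append("requests device-admin rights (hard to uninstall)")
    if not record.launcher_component_enabled:
        score += 3
        reasons.append("launcher icon disabled (hides from the user after first launch)")
    brand = impersonated_brand(record)
    if brand:
        score += 3
        reasons.append(f"label mimics {brand} but package id is {record.package}")
    if record.installer != PLAY_STORE_INSTALLER:
        score += 1
        reasons.append("not installed from Google Play")
    verdict = "suspicious" if score >= SUSPICIOUS_THRESHOLD else "low-risk"
    return verdict, score, reasons


# Constructed sample records (not real package ids beyond the assumed Netflix one).
FAKE_NETFLIX = PackageRecord(
    package="com.example.netflix.free", label="Netflix",
    permissions={
        "android.permission.INTERNET", "android.permission.RECORD_AUDIO",
        "android.permission.READ_SMS", "android.permission.READ_CONTACTS",
        "android.permission.READ_EXTERNAL_STORAGE", "android.permission.CHANGE_WIFI_STATE",
        "android.permission.GET_TASKS",
    },
    launcher_component_enabled=False, device_admin=True, installer=None,
)
BENIGN_CHAT = PackageRecord(
    package="com.example.chat", label="Chat",
    permissions={"android.permission.INTERNET", "android.permission.READ_SMS",
                 "android.permission.READ_CONTACTS"},
    launcher_component_enabled=True, device_admin=False, installer=PLAY_STORE_INSTALLER,
)
REAL_NETFLIX = PackageRecord(
    package="com.netflix.mediaclient", label="Netflix",
    permissions={"android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE"},
    launcher_component_enabled=True, device_admin=False, installer=PLAY_STORE_INSTALLER,
)

if __name__ == "__main__":
    for rec in (FAKE_NETFLIX, BENIGN_CHAT, REAL_NETFLIX):
        verdict, score, reasons = triage(rec)
        print(f"{rec.package}: {verdict} (score {score})")
        for r in reasons:
            print("  -", r)
```

A legitimate messaging app also reads SMS and contacts, so a single permission is never decisive; the heuristic only becomes loud when the capability permissions coincide with the icon-hiding, device-admin and brand-impersonation signals that the article attributes to this sample.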