Fake Patche Netflix app steals SMS

Of course, an app promising unrestricted access to Netflix is a scam. Don’t fall for it!

If it looks too good to be true, it probably is. If nothing else, please remember those words as your takeaway from this post. There’s no easier grab for the cybercriminal than a naive user, and that’s just what this fake app called Patche Netflix targeting French users is doing.


Note how the green description under the app name
“net flix” spelled as 2 words. Misspellings are
found in fake app listings.

This malware-hiding app promises to unlock all Netflix geoblocking, granting the app user unrestricted access to all Netflix content, stating in its description (translated from French):

"The exclusive contracts between the producers and the chains make for example that the House of Cards series - nevertheless produced by Netflix - remains exclusive to Canal+ ni France. Our legal constraints will also prevent us from seeing Star Wars 7 on the streaming service before (at least) December 2018...But Patche Netflix promises to offer movies from around the world in one click."

But what the app really does is steal SMS messages.

As the “Netflix Patch” app installs on the device, it requests permission to send and view SMS messages. Then, when installation is complete, the app actually hides the icon from the app drawer, presumably so the user forgets that it’s there. Then it views and sends the device’s SMS messages back to a C&C (command and control server). 

We discovered this scam through our mobile threat intelligence platform (MTIP) which we call apklab.io. The platform is busy 24/7 monitoring all mobile threats hitting the Avast network and our partners, analyzing the malware, classifying it, and learning from it.

The dynamic analysis sandbox and ML model included in apklab.io detected the application as malicious. Anyone with Avast Mobile Security for Android installed and who tried to download the app were notified of the threat and the app was blocked. These fake app scams and other phishing tactics that use social engineering are on the rise and only getting smarter. Stay safe from those and the world of other online threats by letting us protect you. Download our free Avast Mobile Security today and stay secure.

UPDATE 12/17/18:  Since the writing of this blog post, and notifying Google, the app has not been removed from the Google App Store.

--> -->