Shivang Desai, a security researcher at Zscaler, wrote: 'The iOS and Android apps for Netflix are enormously popular, effectively turning a mobile device into a television with which users can stream full movies and TV programs anytime, anywhere.
'But the apps, with their many millions of users, have captured the attention of the bad actors, too, who are exploiting the popularity of Netflix to spread malware.'
The fake app is downloaded from an unofficial source, rather than from the Google Play Store.
It uses a piece of software called a trojan, which sneaks onto devices disguised as an app.
When the user clicks on the spyware's icon for the first time, nothing seems to happen, and the icon disappears from the home screen.
This makes the user think that the app may have been removed, but in fact the malware is still installed and is preparing an onslaught of attacks.
Once the device is infected, hackers can activate the microphone and listen in to live conversations.
They can also control the device themselves, copying files from the device to a Command and Control centre.
Hackers can also take photos of their victims in intimate settings and gain access to their contact lists and text messages.
SpyNote was first identified last year, but it has only recently been hidden within the fake Netflix app.
And experts say that anyone who downloads apps from non-official sites is at risk.
Jacob Soo, an analyst at Palo Alto Networks, wrote: 'Installing apps from third-party sources can be very risky - those sources often lack the governance provided by official sources such as the Google Play Store, which, even with detailed procedures and algorithms to weed out malicious applications, is not impregnable.'