Bogus Netflix Application For Android Steals Passwords, Won't Let You Watch Movies


Recommended Posts

Thursday, October 13, 2011

Bogus Netflix Application For Android Steals Passwords, Won't Let You Watch Movies

A report from Symantec claims that malware authors tricked an untold number of Netflix users into coughing up their account credentials with a Trojan horse application that doubled as a Netflix app for the Android platform.

In a blog post, Symantec researcher Irfan Asrar writes about a new piece of malware, Android.Fakenflick (not to be confused with NPR star reporter David Folkenflick, mind you), which looks identical to the legitimate Neflix application, but sends any user name and passwords entered via the Android phone to a remote server controlled by the attackers. According to Symantec, the malware was first identified on October 10 and has been linked to just a small number of infections. After accepting the user's Netflix credentials, the malware displays an message saying the Android phone is not supported by the application, which is then uninstalled.

The malware is designed to look and behave exactly like the legitimate Netflix application for Android - with a similar look and feel. The application also requests the same permissions of the phone user. Asrar hypothesizes that malware authors were simply jumping on an opportunity to get hungry Netflix users to download their malware, after Netflix released an official Android application that only ran on certain Android phones. An ad hoc effort sprang up to port the app to non supported platforms. Users who downloaded Fakenflick may have thought they were getting a grayware ported version of the application.

Story - https://threatpost.com/en_us/blogs/bogus-netflix-application-android-steals-passwords-wont-let-you-watch-movies-101311

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...