Fake Netflix Apps Deliver Banking Trojans

Fake Netflix Apps Deliver Banking Trojans

Fake Netflix Apps Deliver Banking Trojans

Along with its expansion to more countries, Netflix has become that more attractive to malware operations, who have not shied away from taking advantage of the company’s users.

According to Symantec researchers, Netflix users are targeted by a new malware campaign that advertises itself as a cheaper method to access and watch movies on Netflix.

Netflix apps laced with infostealers

This campaign is unique from most malware operations because it doesn’t rely on spam email, but actually on ads that redirect interested users to a direct download website from where users get the malicious files themselves.

These files are spiked with a malware family named Infostealer.Banload, a known banking trojan that steals credentials for various online banking portals.

First observed in October 2015, this malware is now part of a campaign targeting Netflix users, mainly in Brazil, being able to target users on Windows XP, Vista, and 7.

Criminals are phishing for Netflix credentials

But contaminated Netflix apps is not the only thing users should fear, Symantec also warning users against Netflix phishing scams. The most recent of these was seen around January 21 targeting Netflix Denmark users, who were asked to navigate to a Netflix clone website to confirm their identity and fix an issue with their latest payment.

Besides facing the potential of losing their Netflix credentials, the crooks behind this campaign are also collecting personal data for each user, including credit card information, which they could later use for fraudulent transactions.

Additionally, Symantec also warns users against using shady Netflix membership renting websites, which promise users access to Netflix accounts at insignificant prices.

The people behind these websites are actually providing access to hacked accounts, and you may end up sponsoring a crime ring without even knowing, or even worse, being infected with malware if the service asks you to install their custom app to access their service.

SOURCE