Fake Netflix Android App Steals Passwords
|Image composite by SecurityNewsDaily|
Watching a movie or TV show on your mobile phone may be convenient, but it is not necessarily safe. It's an action that could also leave you, especially if you're watching with an Android device, less than entertained.
A pirated copy of Netflix's official Android app has been floating around online forums. The phony app looks almost identical to the real one, except the impostor won't take you to your personalized queue of movies and streaming content; instead, it contains a Trojan that will try to trick you into handing over your account information, including your email address and password.
The Trojan, Android.Fakeneflic, "is a textbook case of an information-stealing Trojan that targets account information," Irfan Asrar from the security firm Symanec wrote in a blog post. The Trojan, which was spotted Oct. 10, collects any information victims enter into the fake app's log-in screen and sends it to a remote server controlled by the malware authors.
However, the server that was posting the harvested data is currently offline, Asrar said, and the bogus Netflix app does not, unlike many other Android Trojans, attempt to automatically install any additional corrupt software onto a victim's phone.
The real danger, Asrar writes, may be in what this Trojanized Netflix app signifies for the future of personalized, anytime-you-want-it media.
"Android.Fakeneflic just goes to prove that 'On Demand Content,' the next evolution of media, is not without its own demons," Asrar said. He adds, "This threat really makes you start to wonder: will television user manuals soon replace the section about adjusting the antenna for better reception with a section about how to run a full scan?!"
As mobile, Internet-enabled devices become commonplace, Asrar says malware designed to exploit smartphones will become "as ubiquitous as the devices/platforms themselves."