Thursday, October 13, 2011
Bogus Netflix Application For Android Steals Passwords, Won't Let You Watch Movies
A report from Symantec claims that malware authors tricked an untold number of Netflix users into coughing up their account credentials with a Trojan horse application that doubled as a Netflix app for the Android platform.
In a blog post, Symantec researcher Irfan Asrar writes about a new piece of malware, Android.Fakenflick (not to be confused with NPR star reporter David Folkenflick, mind you), which looks identical to the legitimate Neflix application, but sends any user name and passwords entered via the Android phone to a remote server controlled by the attackers. According to Symantec, the malware was first identified on October 10 and has been linked to just a small number of infections. After accepting the user's Netflix credentials, the malware displays an message saying the Android phone is not supported by the application, which is then uninstalled.
The malware is designed to look and behave exactly like the legitimate Netflix application for Android - with a similar look and feel. The application also requests the same permissions of the phone user. Asrar hypothesizes that malware authors were simply jumping on an opportunity to get hungry Netflix users to download their malware, after Netflix released an official Android application that only ran on certain Android phones. An ad hoc effort sprang up to port the app to non supported platforms. Users who downloaded Fakenflick may have thought they were getting a grayware ported version of the application.
Story - https://threatpost.c...h-movies-101311