Bogus Netflix App Steals User Account Info

October 14, 2011
2
37
3 32 2

Don’t let your guards down as a false Netflix app has been making the rounds on Android devices and stealing account information from users.

Netflix, one of the most popular online video streaming service providers in the U.S., had announced its limited Android app version with only certain devices compatible with it. Only up to the early part of this year, has Netflix made its official app available to multiple devices through an official client partnership with the Android Market.

However, the demand over the Netflix app increased immediately after the announcement of the initial limited release. This demand stoked the ingenuity of malware developers to make a bogus Netflix app and take advantage of the Netflix craze.

Unfortunately, there were already reports of people being victimized by the sham Netflix app. Wanting this popular app running on their own non-compatible devices, they ended up with their account information being stolen instead.

There are few differences between the real app and the fake app. The pictures below show the differences between the UI of the real and bogus Netflix:

However, there were also a bunch of similarities, such as multiple security permissions being asked for as the app is installed.

The fake app shows a log-in screen and asks you to supply your credentials. Once the user fills out the form and submits it, the app sends the information to the malware developer’s remote server rather than to the official Netflix servers.

With your private information available to third-party developers, your Netflix account can be hacked using the information. Fortunately, accessing credit card information will not be easy as only the last 4 digits of your credit card will be shown.

Nobody is sure yet on how the hackers can make money out of the information they have.  Though, CNET News reports a possible effect: this sham Netflix app, which is a Trojan, might be just a test run for a phony bank account mobile app. If that will be on the loose, it will surely be a security risk for Android users.

The original and authentic Netflix app can only be downloaded from the Android Market. Where else did you get your Netflix app from?

Image credit: Symantec

Comments