Netflix Trojan Targets Android Smartphone Users: Symantec

By Clint Boulton | Posted 2011-10-13

Netflix's (NASDAQ:NFLX) staggered launch of its mobile application for Google (NASDAQ:GOOG) Android handsets provided the perfect cover for a new Trojan to attack unsuspecting users, according to security power Symantec (NASDAQ:SYMC).

The malware at issue, dubbed Android.Fakeneflic and classified as "very low risk" by Symantec, is a "textbook case of an information-stealing Trojan that targets account information," said Symantec security engineer Irfan Asrar.

As textbook as the Trojan might be, it's one that seems possible only within the Android ecosystem, where some third-party companies launch Android apps on some devices before others due to compatibility and security issues.

That's what happened with Netflix.

Netflix rolled out its Android app to let users take their streaming movies and TV shows on the go, starting with only five handsets in May: the HTC Incredible with Android 2.2, HTC Nexus One with Android 2.2 and 2.3, the HTC Evo 4G with Android 2.2, the HTC G2 with Android 2.2 and the Samsung Nexus S with Android 2.3.

Netflix Product Manager Roma De said Android's rapid adoption and evolution made it challenging to build a streaming video application because there just isn't a digital rights management (DRM) standard for secure, streaming playback that Netflix can adhere to for rolling out its application to every Android phone.

The Netflix for Android app finally rolled out on all Froyo and Gingerbread handsets in September.

However, that gap in availability, combined with strong interest from users attempting to get the popular service running on their Android devices, created the perfect cover for Android.Fakeneflic to exploit, as developers tried to port pirated copies of the app to run on handsets Netflix did not officially support.

The Trojan requires multiple permissions at the time of installation, which are identical to the permissions required by the official Netflix app.

Asrar said the app is largely just a splash screen followed by a log-in screen where user information is captured and posted to a server. Fortunately, that server appears to be offline.

Still, users need to be sure not to download any funky Netflix apps not vetted by the Android Market or Netflix itself.

Symantec's discovery earlier this week comes during the U.S.-based National Cyber Security Awareness Month.

"One highly visible concern that makes this year different from previous years is the triple-digit growth rates that are being reported across the board by every antivirus vendor when it comes to threats discovered that target mobile devices," Asrar said.

Clearly, mobile devices -- smartphones and tablets -- are increasingly replacing PCs as the ideal attack vectors for malware perpetrators.

 