Symantec Warns of Malware Posing as Netflix Apps

A bogus Netflix app delivers more than just free movies; it also delivers malware and could steal the credentials of legitimate users too.

Netflix has emerged in recent years as one of the most popular sources for online entertainment, and it is now also a popular target for hackers, according to new research from Symantec.

Symantec has discovered several Netflix-related attacks, including one involving malicious fake Netflix apps. The apps do lead victims to the Netflix Website, but in the background they also install the Infostealer.Banload Trojan, which can steal a user's banking information.

"The malware disguised as Netflix applications were likely downloaded by users who may have been tricked by a fake advertisement or offers for free or cheaper access to Netflix," Satnam Narang, senior security response manager at Symantec, told eWEEK.

While Symantec was able to detect the fake Netflix application attack, it's unclear how widespread the attack is. Symantec is unable to provide the infection rate at this time, according to Narang.

Symantec also discovered a second attack involving Netflix that attempts to steal user credentials. The phishing campaign tricks unsuspecting Netflix users into inputting their user credentials into a fake Netflix site. One of the phishing emails discovered by Symantec is designed to look like an official Netflix notice advising users to log in to update their account.

Phishing attacks continue to be a significant concern overall, with a recent report from Cloudmark claiming that 91 percent of organizations encountered a phishing attack in 2015. While phishing is not a new phenomenon, many attacks are still able to successfully exploit unsuspecting users.

As it turns out, the phishing attacks designed to steal Netflix user information aren't just from an individual hacker who wants to stream entertainment for free, but rather are part of a more elaborate scheme that has an entire business model around it. Symantec is reporting that there is an underground economy for stolen Netflix accounts, offering the promise of lower cost or even free access.

Among the tools discovered by Symantec is one called Netflix Generator, which promises its users "freshly cracked accounts" that are updated daily. Those accounts can then be used, or even resold to others, as part of an illicit scheme involving the stolen user credentials.

Narang said that Symantec shared its research findings with Netflix prior to publicly disclosing the research.

While Netflix might have a role to play in limiting the risk, so too do users. For the Netflix malware app, basic security hygiene will help users protect themselves.

"Symantec and Norton products protect users against the malware," Narang said. "We detect the fake Netflix applications as Downloader and Infostealer.Banload."

Going a step beyond relying on technology to protect against Netflix-related attack campaigns, Narang advises users to exercise caution about emails claiming to be from Netflix.

"Users should be skeptical of unsolicited emails claiming that they need to update their Netflix account," he said. "Users seeking free or cheaper access to Netflix should be aware of the risks involved in that pursuit."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.