Symantec Warns of Netflix Malware and Scams

Symantec Warns of Netflix Malware and Scams

Security experts are warning users to beware of new malware and information stealing phishing campaigns piggy backing on the global popularity of Netflix.

The online video site announced at CES last month that its service is now available in 190 countries worldwide, and hackers have already been looking to exploit this, Symantec threat intelligence officer, Lionel Payet explained in a blog post.

The security vendor has found examples of malicious files masquerading as Netflix software.

These files are apparently downloaders which, when opened, fire up the Netflix home page while downloading banking trojan Infostealer.Banload in the background.

“The Netflix-disguised files aren’t dropped through drive-by downloads. Instead, the files are most likely downloaded by users who may have been tricked by fake advertisements or offers of free or cheaper access to Netflix,” Payet explained.

Symantec has also spotted phishing campaigns redirecting users to a fake Netflix site designed to harvest login credentials, personal information, and payment card details.

One specific example targeted Danish users with a message appearing to come from the video site requesting the victim to click through and update their account information, as there had been an issue with payment.

As with other high-profile companies like Uber, there is apparently a thriving underground trade in compromised account information.

“The most common offers are for existing Netflix accounts. These accounts either provide a month of viewing or give full access to the premium service,” explained Payet.

“In most advertisements for these services, the seller asks the buyer not to change any information on the accounts, such as the password, as it may render them unusable. This is because a password change would alert the user who had their account stolen of the compromise.”

Also available on underground sites are Netflix account generator tools, most likely powered by databases of stolen credentials which are regularly updated.

“Symantec advises users to only download the Netflix application from official sources,” urged Payet.

“Additionally, users should not take advantage of services that appear to offer Netflix for free or a reduced price, as they may contain malicious files or steal data.”

Source: Information Security Magazine