Cybercriminals exploiting Netflix global rollout: Symantec expert
By Digital News Asia February 23, 2016
- One campaign attempts to steal user credentials, including payment info
- Other cybercriminals using malware to tap on Netflix black market
AS if the global rollout of Netflix Inc’s video-streaming service was not already fraught with challenges, now cybercriminals are exploiting it to steal user credentials, including payment details, according to Symantec Corp.
New research by the company tracks how cybercriminals have piggybacked on Netflix’s global expansion to steal users’ credentials in order provide the streaming service at black market prices, Symantec said in a statement.
It has observed two different attack methods:
- The first is a malware campaign aimed at stealing bank information from the affected computer where the malicious files are downloaded by users who were tricked by fake ads or offers of free or cheaper Netflix access; and
- The second attempts to steal Netflix login credentials through phishing campaigns that redirect users to a fake Netflix website and tricks them into providing their login credentials, personal information, and payment cards details.
Both malware and phishing campaigns help attackers gather the credentials needed to break into victims’ Netflix accounts, Symantec said.
However, the attackers may not just keep this access for themselves. There is an underground economy targeting users who wish to access Netflix for free or at a reduced price, the company said.
The products could even allow customers to open their own illegal store, it added.
“One malware campaign involves malicious files posing as Netflix software on compromised computers’ desktops,” said Symantec threat intelligence officer Lionel Payet.
“The files are downloaders that, once executed, open the Netflix homepage as a decoy and secretly download Infostealer.Banload, which steals banking information from the affected computer. The trojan has primarily been used in Brazil.
“The Netflix-disguised files aren’t dropped through drive-by downloads. Instead, the files are most likely downloaded by users who may have been tricked by fake advertisements or offers of free or cheaper access to Netflix,” he said in a blog post.
Attackers may also target Netflix users by attempting to steal their login credentials through phishing campaigns, Payet said.
“Netflix subscriptions allow between one and four users on the same account. This means that an attacker could piggyback on a user’s subscription without their knowledge.
“In these phishing campaigns, attackers redirect users to a fake Netflix website to trick users into providing their login credentials, personal information, and payment cards details.
“These tactics are not uncommon; cybercriminals are still using them on a daily basis,” he added.
Symantec said it observed one Netflix phishing campaign on Jan 21 which was crafted for Danish users. The phishing email tried to trick users into believing that their Netflix account needed to be updated, as there was an issue with their monthly payment.
Netflix black market
There is a black market for Netflix accounts, according to Symantec, an underground economy targeting users who wish to access Netflix for free or at a reduced price. The products could even allow customers to open their own illegal store.
“The most common offers are for existing Netflix accounts. These accounts either provide a month of viewing or give full access to the premium service,” said Payet.
“In most advertisements for these services, the seller asks the buyer not to change any information on the accounts, such as the password, as it may render them unusable. This is because a password change would alert the user who had their account stolen of the compromise,” he added.
Another offering includes Netflix account generators. The accounts created through these tools may come from stolen Netflix subscriptions or payment card details.
“The generators’ creators regularly update their databases with new accounts and disable ones that don’t work anymore. Buyers can use this software for themselves or resell the generated accounts on the black market,” said Payet.
Symantec advises users to only download the Netflix application from official sources. Additionally, users should not take advantage of services that appear to offer Netflix for free or at a reduced price, as they may contain malicious files or steal data.
Related Stories:
Netflix’s Asian ambition faces challenges: Analysts
Piracy is biggest Netflix competitor in Singapore: Lawyer
Hooq and iflix gird themselves for Netflix invasion
Illegal Game of Thrones downloads a major driver of increasing piracy
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.