Trojanized Netflix app steals account login credentials

When Netflix released an Android client app earlier this year, it also witnessed the attempts of various app developers who tried to make a pirated copy of it work on other devices and platforms.  The difference between the actual GUI and the fake app, was barely anything.

Both apps were pretty identical except for some troubleshooting tips that were on the bottom of the login screen asking is they forgot their username or password.   Cyber criminals have also taken advantage of this gap between supply and demand and have pushed out a Trojanized version of the app bent on stealing the users’ account login credentials.

“Despite the fact that there are multiple permissions being requested at the time of installation – identical to the permissions required by the actual app – our analysis shows that this is, in fact, a red herring, probably used to add to the illusion that the end user is dealing with the genuine article,” point out Symantec researchers.

Once the victim enters his account credentials, the information is automatically sent to a remote server which is, luckily, currently offline. Also, the Trojanized app doesn’t react any differently when the incorrect email/password combination is entered.  So, if a client enters in a totally fake and made up username and password, the server would recognize that as an acceptable username password combination.

After the “Sign In” button is pressed, the user is faced with a screen saying that the app is incompatible with his device and urges him to download a different app, but doesn’t link to it or attempt to download it automatically.  A click on the “Cancel” button below that explanation triggers the uninstall process. “Any attempt to prevent the uninstall process results in the user being returned to the previous screen with the incompatibility message,” say the researchers.

I’d say that the android market in general is a dangerous app store, compared to the apple app store.  Apple thoroughly checks every app for any malicious content and then rejects the app if found to be inappropriate.


5 thoughts on “Trojanized Netflix app steals account login credentials

  1. Apple has the upper hand in their App Store in that all apps are vented to make sure nothing like this happens. In not surprised that there aren’t more like this in the Android Market. I don’t believe Google does anything to make sure that applications aren’t malicious. I’m sure there are ways for users to report this app though. Do you think that Google should vent all applications that enter the Android Market? Or would you recommended users to use something like the Amazon Marketplace where all applications have to be approved?

    • i thnk that whatever app stores are out there should approve new apps as they are released by developers and put under the review session like apple does. No wonder appl has one of the highest customer satisfaction ratings of all companies

  2. I know that to install unsigned android applications on the device you have to enable it to do so in settings. I think people would have been pretty interested in downloading this just because the real Netflix app didn’t support some phones for quite some time, like my Samsung Infuse, until just recently. If they had seen it, then many would try for it.

  3. This is exactly the issue that people don’t understand when they complain about Apple’s closeness in its app store. If you leave these kinds of spaces fully open then you are opening the gates for all sort of problems.

    • Exactly, Apple is great at protecting its customers from harmful and useless apps on the all store, as compared to other apps stores

Comments are closed.