Android users need to be on watch for new malware masquerading as the Netflix app. The bogus version mirrors the official app very closely in appearance and will steal user’s account information.
Researchers from the Semantec computer security firm published a warning about the fake Netflix app in a blog post on Wednesday. The Trojan, named Android.Fakeneflic, is pretty straight forward. The Fake app is mainly just a splash screen and a login screen. The user is fooled into using the fake app, and at the login screen the account information is stolen and sent to a server.
Once the user hits the ‘Sign in’ button, a screen pops up indicating incompatibility with the device’s hardware. The window recommends an installation of another version of the app. Once the user hits the “Cancel” button, the app attempts to uninstall.
It’s unclear how much information the Trojan can access. The good news, the blog post points out, is that the server receiving the stolen data appears to be offline.
The reason why the malware has been so effective is due to the Android Platform’s “Hardware Fragmentation” issues, according to Semantec. Netflix released the app earlier in the year, but only for five Android using handsets; which led to pirated versions. Only recently has official support been expanded to more devices.
“A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit.” Symantec wrote.
The official app finally made its way to compatibility with Android 2.2 and 2.3 devices last month. Netflix has mainly been in the news recently over its indecision on whether to split its service between streaming and a separate DVD brand handled by its Qwikster brand.