When Netflix released an Android client app earlier this year, it also witnessed the attempts of various app developers who tried to make a pirated copy of it work on other devices and platforms.
As unwelcome as this development was, the situation has been made even worse as cyber criminals have also taken advantage of this gap between supply and demand and have pushed out a Trojanized version of the app bent on stealing the users’ account login credentials.
“Despite the fact that there are multiple permissions being requested at the time of installation – identical to the permissions required by the actual app – our analysis shows that this is, in fact, a red herring, probably used to add to the illusion that the end user is dealing with the genuine article,” point out Symantec researchers.
Once the victim enters his account credentials, the information is automatically sent to a remote server which is, luckily, currently offline. Also, the Trojanized app doesn’t react any differently when the incorrect email/password combination is entered.
After the “Sign In” button is pressed, the user is faced with a screen saying that the app is incompatible with his device and urges him to download a different app, but doesn’t link to it or attempt to download it automatically.
A click on the “Cancel” button below that explanation triggers the uninstall process. “Any attempt to prevent the uninstall process results in the user being returned to the previous screen with the incompatibility message,” say the researchers.