Netflix-themed phishing, malware supply black market with stolen credentials

As the Netflix movie streaming service spreads all over the world, the number of users rises, as well as the number of those who wish to use it but don’t want to pay for it or want to pay less than the set price. With such a wide (and widening) pool of potential targets, it’s no wonder that some cyber crooks are opting to concentrate on them.

Netflix phishing

Unsurprisingly, legitimate Netflix users are targeted with phishing emails impersonating the service, using one pretext or another to lure them to a fake Netflix site where they are directed to update their account, i.e. to enter their login credentials, personal info and credit card details.

“Netflix subscriptions allow between one and four users on the same account. This means that an attacker could piggyback on a user’s subscription without their knowledge,” Symantec researcher Lionel Payet explains.

Stolen Netflix login credentials are often sold on the black market, to users who wish to access Netflix for free or a reduced price:

Stolen Netflix login credentials

“These accounts either provide a month of viewing or give full access to the premium service.” Payet explains. “In most advertisements for these services, the seller asks the buyer not to change any information on the accounts, such as the password, as it may render them unusable. This is because a password change would alert the user who had their account stolen of the compromise.”

A similar approach is taken by cyber criminals offering Netflix account generators. The software provides stolen login credentials to users or login credentials of accounts that have been created by using stolen payment card details. That list is often updated, as some accounts are shut down either because the legitimate users stopped using them or because the compromise was detected.

Finally, potential users can be and sometimes are tricked into downloading malicious files posing as Netflix software. In Brazil, for example, users have been tricked into downloading a banking Trojan masquerading as Netflix software, after clicking on fake ads offering free or cheaper access to the streaming service.