It looks like a legitimate Netflix app, but it’s not. There’s an Android app circulating that looks very much like the real Netflix mobile app, but it’s actually a Trojan that steals account information.
The fake app, which was found on an online user forum, sends the user’s log-in information to a remote server, displays a message saying there is an incompatibility issue with the hardware, and then attempts to uninstall itself, according to a Symantec blog post.
The server that was receiving the stolen log-in data appeared to be offline today, Symantec said.
With the pilfered log-in information, the app creators could hijack accounts and might gain access to some information. However, they won’t be able to easily get to the credit card data because the site only displays the last four digits of the card number, so it’s unclear how they planned to make money off the scam. It might be a test run for a phony mobile banking app, which could yield access to much more sensitive information.
Typically, malicious apps are versions of legitimate apps that have been modified to include malware and then repackaged and distributed. But in this case, the app is a completely different program.
Confusion over the release of the real Netflix app created an opportunity for the app creators and increased the chances that people would get duped into downloading the malicious app, Symantec said in the post. Netflix offered an Android app in limited release to only certain devices earlier this year, but recently published its app on the Android Market with support for multiple devices.
“A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit,” Symantec said.
People should be careful where they get their apps and download them from trusted sources only.