Story image

Cyber crims targeting Netflix users - watchout

12 Feb 16

New research from Symantec has revealed cyber criminals are targeting Netflix users on the back of the company's recent global expansion.

According to Symantec, the cyber criminals steal users' credentials in order to provide the streaming service at black market prices.

Netflix recently launched its streaming service across the world, and now is available in more than 190 regions.

In a company blog post, Symantec says the success of the global expansion has attracted the attention of attackers.

"We have observed malware and phishing campaigns targeting Netflix users’ information. The details are then added to a growing black market that claims to provide cheaper access to the service," explains Lionel Payet, a Syamntec employee.

Malware disguised as Netflix
One malware campaign involves malicious files posing as Netflix software on compromised computers’ desktops.

Payet explains the files are downloaders that, once executed, open the Netflix home page as a decoy and secretly download Infostealer.Banload. Banload steals banking information from the affected computer. The Trojan has primarily been used in Brazil.

"The Netflix-disguised files aren’t dropped through drive-by downloads. Instead, the files are most likely downloaded by users who may have been tricked by fake advertisements or offers of free or cheaper access to Netflix," says Payet.

Phishing Netflix credentials
Aside from delivering malware, Payet says attackers may target Netflix users by attempting to steal their login credentials through phishing campaigns. "Netflix subscriptions allow between one and four users on the same account. This means that an attacker could piggyback on a user’s subscription without their knowledge," Payet explains.

In these phishing campaigns, attackers redirect users to a fake Netflix website to trick users into providing their login credentials, personal information, and payment cards details. According to Payet, these tactics are not uncommon; cybercriminals are still using them on a daily basis.

"Symantec observed one Netflix phishing campaign on January 21 which was crafted for Danish users," he explains. "The phishing email tried to trick users into believing that their Netflix account needed to be updated, as there was an issue with their monthly payment. The emails were sent from netflix@fakt[REDACTED].com with the subject “Opdater Betalingsinformation”. The site that the email linked to is no longer active."

Figure 2. Screenshot of the Netflix spam email

Netflix black market
Both malware and phishing campaigns help attackers gather the credentials needed to break into victims’ Netflix accounts, Payet says. But the attackers may not just keep this access for themselves.

"There is an underground economy targeting users who wish to access Netflix for free or a reduced price. The products could even allow customers to open their own illegal store," he says.

Payet says the most common offers are for existing Netflix accounts. These accounts either provide a month of viewing or give full access to the premium service. In most advertisements for these services, the seller asks the buyer not to change any information on the accounts, such as the password, as it may render them unusable. "This is because a password change would alert the user who had their account stolen of the compromise," he says.

Figure 3. Advertisement for the sale of Netflix accounts

"Another offering includes Netflix account generators. The accounts created through these tools may come from stolen Netflix subscriptions or payment card details," says Payet. "The generators’ creators regularly update their databases with new accounts and disable ones that don’t work anymore. Buyers can use this software for themselves or resell the generated accounts on the black market."

Figure 4. Advertisement for Netflix account generator

"Symantec advises users to only download the Netflix application from official sources," Payet says. "Additionally, users should not take advantage of services that appear to offer Netflix for free or a reduced price, as they may contain malicious files or steal data."

Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Game review: Just Cause 4 on PC
Rico Rodriguez returns to wreak over-the-top havoc for a fourth time. This time the island nation of Solís is our hero’s sandbox, ripe for destruction.
Hands-on review: Logitech G502 HERO gaming mouse
My favourite feature of the G502s is the ‘Sniper’ button, which is found on the left hand side of the device. When held, this lowers the DPI and allows you to achieve maximum accuracy whilst honing in on a kill on your favourite FPS title.
Interview: ZeniMax Online's game director talks Elder Scrolls Online
FutureFive’s Darren Price sat down with Matt Firor, ESO’s designer and now president and game director at ZeniMax Online.
IDC: Tablets stay dead, notebooks keep head above water
An IDC report predicts a soft personal PC market, slipping into further decline with the exception of notebooks, gaming PCs, and business PC upgrades.
A hands-on guide to Christmas shopping by Santa’s IT elf
Ho, ho, ho! So you’re back again for more inspiration for that hard-to-buy-for person in your life?
Govt commits $15.5m to digital identity research
“With more and more aspects of our lives taking place online it’s critical the government takes a lead to ensure New Zealanders have control of how and who uses their identity information,” says Minister Woods.
Spending on robotic systems and drones will be on the rise in 2019
Robotic systems will be the larger of the two categories throughout the five-year forecast period with worldwide robotics spending forecast to be $103.4 billion in 2019.