
Netflix Malware & Phishing bring Users Credentials Online


For some, Netflix is a way of life. Whether you enjoy Netflix for the documentaries, the Original shows, or the ‘chilling,’ we have all enjoyed the service. But when something becomes popular as quickly as Netflix has, there is always a dark side. In this case, we are brought back to reality by the (un)surprising realization that Netflix-themed malware and phishing attacks are targeting users. Researchers at Symantec recently published their findings on a virulent new wave of attacks.

The purpose of these attacks is to harvest credentials and gain access to users’ Netflix accounts. Why would they do this? To sell the credentials for profit. Where are they selling them? The black market. With the recent rise in popularity of Netflix, it is no surprise that attackers’ attention has turned to the leader in global streaming services.

Netflix Malware:

One of the observed Netflix malware campaigns involved malicious files posing as Netflix software - typically on an infected computer desktop. The disguised files are actually decoys that secretly download Infostealer.Banload which steals banking information from the infected computer. The Trojan primarily has been seen in Brazil, as cited by the Symantec team.

"The files are most likely downloaded by users who may have been tricked by fake advertisements or offers of free or cheaper access to Netflix," Symantec's Lionel Payet said in a blog post.

Netflix Phishing:

Besides the typical case of malware, attackers target Netflix users by trying to steal their login credentials through phishing campaigns. Netflix subscriptions typically allow one to four users on a single account. This means that a malicious actor could piggyback on a user’s subscription without them ever knowing.

To launch these attacks, cyber criminals redirect users to a fake Netflix website and trick them into disclosing their login credentials, personal information and payment card details. In short, they’re classic examples of phishing attacks.

"Symantec observed one Netflix phishing campaign on 21 January which was crafted for Danish users," Payet said. "The phishing email tried to trick users into believing that their Netflix account needed to be updated, as there was an issue with their monthly payment."

Netflix Black Market:

Both Netflix malware and phishing campaigns help cyber criminals gather user credentials to break into victims’ Netflix accounts. But these criminals are not just keeping this access for themselves. They typically go to the Dark web to offer the credentials either at a reduced price or even for free.

"The generators’ creators regularly update their databases with new accounts and disable ones that don’t work anymore. Buyers can use this software for themselves or resell the generated accounts on the black market."

The lesson here is the same one you have heard 100 times before: be vigilant online. Beware of fake apps, sketchy emails, unexpected downloads, and too-good-to-be-true links on social media. The classic attacks aren’t going anywhere any time soon, especially if they still work so effectively. The attackers are merely updating their vectors and their victims.
