According to recent research by Symantec, cyber-criminals are stealing users login credentials for popular online streaming service Netflix in an attempt to steal banking information. One malware campaign involves malicious files posing as Netflix software on compromised computers desktops. The files are downloaders that, once executed, open the Netflix home page as a decoy whilst downloading Banload, a Trojan primarily used in Brazil that steals banking information.
Another campaign involves the phishing of Netflix credentials. The streaming service allows between one and four users on the same account, meaning that an attack can piggyback on a user’s subscription without their knowledge. In these phishing campaigns, attackers redirect users to a fake Netflix website to coax the user into providing login credentials, personal information and payment card details.
In addition to the campaigns, there is an underground economy targeting users who wish to access Netflix for a reduced price or free. These accounts either provide a month of viewing or give full access to the premium service. In most advertisements for these services, the seller asks the buyer not to change any information on the accounts, such as the password, as it may render them unusable. This is because a password change would alert the user who had their account stolen of the compromise.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now