A report from Symantec claims that malware authors tricked an untold number of Netflix users into coughing up their account credentials with a Trojan horse application that doubled as a Netflix app for the Android platform.
In a blog post, Symantec researcher Irfan Asrar writes about a new piece of malware, Android.Fakenflick (not to be confused with NPR star reporter David Folkenflik, mind you), which looks identical to the legitimate Netflix application but sends any user names and passwords entered via the Android phone to a remote server controlled by the attackers. According to Symantec, the malware was first identified on October 10 and has been linked to just a small number of infections. After accepting the user’s Netflix credentials, the malware displays a message saying the Android phone is not supported by the application, which is then uninstalled.
The malware is designed to look and behave exactly like the legitimate Netflix application for Android. It also requests the same permissions from the phone user. Asrar hypothesizes that the malware authors were simply jumping on an opportunity to get hungry Netflix users to download their malware after Netflix released an official Android application that only ran on certain Android phones. An ad hoc effort sprang up to port the app to unsupported platforms. Users who downloaded Fakenflick may have thought they were getting a grayware port of the application.
Google’s Android mobile operating system has been a leading target of mobile malware writers in the last year. Researchers have uncovered Android versions of popular Windows malware like the Zeus banking Trojan. In June, researchers at North Carolina State University also sounded the alarm about a new and stealthy piece of spyware dubbed “Plankton” that was lurking on the Android Marketplace. Google says it suspended a number of applications from the Marketplace in the wake of that revelation. The company was already struggling with persistent infections of Marketplace applications with the DroidDream malware. Kaspersky Lab researchers found that the number of malware signatures for the Android operating system tripled between the first and second quarters of 2011, from just 50 to 150.