Fake Trojan Netflix App - Perfect ID Thief?

[dgstorm]

There is some new Android malware out there that is down-right vicious. It is a fake Netflix app that is simply a Trojan designed to steal your identity. Symantec found the trojan and determined that it is designed to send your log-in info to a remote server after telling you that there is a compatibility issue with your device. Then attempts to uninstall itself. Basically, they could gain access to your account and get all kinds of info. Luckily, they can't get your credit card info, because Netflix website only shows the last four digits of your credit card.

Still, Elinor Mills of Cnet.com points out something even scarier, “It might be a test run for a phony mobile banking app, which could yield access to much more sensitive information." If this is the case, and the unscrupulous hackers did develop such an app and gain access to your bank accounts, they could wreak havoc. Here's a quote from Symantec regarding the timing of the trojan,

“A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover forAndoid.Fakeneflic to exploit.”

As you've heard before, always be on the lookout and only download apps from trusted sources.

Source: Android.net via TalkAndroid

 

[chasehammer]

with Netflix now for all devices on the market why anyone would still install from 3rd party is just stupid in my opinion.

 

[NeoandGeo]

with Netflix now for all devices on the market why anyone would still install from 3rd party is just stupid in my opinion.

It was stupid of Netflix or the carriers to have such a limited rollout forcing users to look elsewhere to use an app that should have been available for all handsets on day 1. A lot of those that don't keep up with tech sites may not know it's available to everyone now.

 

[czerdrill]

It was stupid of Netflix or the carriers to have such a limited rollout forcing users to look elsewhere to use an app that should have been available for all handsets on day 1. A lot of those that don't keep up with tech sites may not know it's available to everyone now.

Pretty sure it had to do with fragmentation and making sure the app worked for all devices. It wasn't like they were doing it just to screw customers over or tease customers who didn't have compatible phones...

 

[NeoandGeo]

My phones weren't "compatible" with Netflix when it first arrived, but it worked great on those two phones when I found the .apk online.

If you have an extremely limited release where most users are forced to look elsewhere than the market to get a perfectly working app for their phone, you have to expect it will be easy to prey on them a few weeks later with a malicious app. It should have been released on the market with the disclaimer that "it may not work on your phone", like so many other apps.

 

[czerdrill]

My phones weren't "compatible" with Netflix when it first arrived, but it worked great on those two phones when I found the .apk online.

If you have an extremely limited release where most users are forced to look elsewhere than the market to get a perfectly working app for their phone, you have to expect it will be easy to prey on them a few weeks later with a malicious app. It should have been released on the market with the disclaimer that "it may not work on your phone", like so many other apps.

Did it really work "great" or were there bugs? I found the apk online because my phone wasn't supported either, but it wasn't like the app worked flawlessly until they officially released it for the d1. I think the far more logical reason is because they needed to test all devices, and not because they just felt like rolling it out staggered. What would be the point?

Had they released it on the market with that disclaimer people would just whine to them nonstop. Surely you don't believe that Android users would say "Oh Netflix, gee golly! Well they tried!!! "

 

[NeoandGeo]

Droid X, Xperia Play and LG Ally, worked great with few bugs here and there, less so than Slingplayer and other streaming video apps on the market. The biggest uproar was because they didn't release it on the market, even with some devices having bugs, and people went crazy finding working apks online. It was a breeding ground for maliciousness that Netflix created.

 

[czerdrill]

Droid X, Xperia Play and LG Ally, worked great with few bugs here and there, less so than Slingplayer and other streaming video apps on the market. The biggest uproar was because they didn't release it on the market and people went crazy finding working apks online. It was a breeding ground for maliciousness that Netflix created.

Well yeah, the biggest uproar was that of course, but that doesn't make it Netflix's fault. Like I said, do you really believe that if the apps were officially released by Netflix and "had a few bugs here and there" that Android users would congratulate Netflix on a job well done? Absolutely not. They'd be whining and complaining to Netflix nonstop. Sure it would have been great if Netflix released it all at the same time, but the reason there is malware is because of the way Android is set up, not because of Netflix. Heck, even the Google+ app was spoofed! Google lets anyone and their mother upload anything they want however they want with no restriction. The breeding ground was created by Android not by Netflix

 

[NeoandGeo]

I never said they would congratulate Netflix, I know people would be whining. But it wouldn't have created an immense amount of people forced to look elsewhere than the market for an app that probably would have worked at least partially on their phone. This caused many users to download many multiple builds from different sources. This further causes many easy targets for malware.

Bugs would have even been rectified much faster if they were able to get multiple feedbacks from every Android device under the sun from the very start. Netflix handled it very wrong. Kind of like all their decisions as of late, but that's another story.

 

[czerdrill]

I never said they would congratulate Netflix, I know people would be whining. But it wouldn't have created an immense amount of people forced to look elsewhere than the market for an app that probably would have worked at least partially on their phone. This caused many users to download many multiple builds from different sources. This further causes many easy targets for malware.

Bugs would have even been rectified much faster if they were able to get multiple feedbacks from every Android device under the sun from the very start. Netflix handled it very wrong. Kind of like all their decisions as of late, but that's another story.

I guess my point is there's a reason netflix did it. That ppl were impatient and foolishly installed malware on their device is not netflix fault. That's lie blaming microsoft cuz ure pc got a virus

 

[NeoandGeo]

It is foolish of users to install malware on their device I never said it wasn't. But Netflix created this mess and blamed their shortcomings on Android fragmentation, which seems to be the popular thing to do by companies having trouble developing an app.

 

[czerdrill]

It is foolish of users to install malware on their device I never said it wasn't. But Netflix created this mess and blamed their shortcomings on Android fragmentation, which seems to be the popular thing to do by companies having trouble developing an app.

So your saying a company which had a perfectly functioning ios app for months simply hired inept android programmers?

 

[NeoandGeo]

You never know. They could have done a quick cheap and dirty port and worked up from there applying bandaids as they went along.

In the end, they handled it badly, and most users were forced to look at unofficial sources for a working app. That in turn creates easy malware targets.

 

[czerdrill]

You never know. They could have done a quick cheap and dirty port and worked up from there applying bandaids as they went along.

Or they could have wanted to make sure the app worked well for all devices before creating an even larger headache for themselves, right? I'm not understanding why the blame is going to the company when they had zero to do with the malware. Seems odd.

 

[NeoandGeo]

Because many of those looking elsewhere found apps that worked, and I'm sure they still heard from them about it official or not. They handled it in a bad way, and now it's probably going to even worse for them as it could easily fuel a hacking scandal.

I'll never understand why big corporations are always outed by indie developers who know that it's better to wide release and get feedback from everyone and not try to damage control from the start. Deploy to all notifying that it is beta and if you have a problem provide your phone model, Android version number, custom OS or not, etc.