Mumbai: American video streaming service provider Netflix has been expanding incessantly since its inception back in 1997. Recently the company is taking steps towards global expansion, and has already rolled out its services in more than 190 regions around the world including India.
While the streaming service continues to spread out and more consumers start using Netflix, cyber-criminals around the world are also banking on the expansion, as it provides more opportunities to cyber-criminals for stealing a user’s credentials that can be used to provide streaming services at “black market prices”.
A Symantec research has revealed two different attack methods that cyber-criminals use to complete the process.
Malware disguised campaigns
The first process, as pointed out by Symantec, involves malicious files posing as Netflix software on “compromised computer desktop”. Threat Intelligence Officer at Symantec Lionel Payet, said: “The files are downloaders that, once executed, open the Netflix home page as a decoy and secretly download Infostealer.Banload. Banload steals banking information from the affected computer. The Trojan has primarily been used in Brazil.”
“The Netflix-disguised files aren’t dropped through drive-by downloads. Instead, the files are most likely downloaded by users who may have been tricked by fake advertisements or offers of free or cheaper access to Netflix,” he added in the blog post.
Phishing Netflix credentials
The second method can be used by attackers is to target Netflix users and steal their login credentials through malicious or phishing campaigns—a process that has been extensively used by cyber-criminals.
One Netflix subscription generally allows between one and four users on a single account, which means that an attacker could “piggyback’’ on a user’s subscription without their knowledge.
“In these phishing campaigns, attackers redirect users to a fake Netflix website to trick users into providing their login credentials, personal information, and payment cards details. These tactics are not uncommon; cyber-criminals are still using them on a daily basis,” said Payet.
For instance, Symantec observed a similar Netflix phishing campaign on January 21 and was originally crafted for Danish users. The phishing campaign lured many users into believing that their account needs to be updated, citing an issue regarding monthly payment.
The emails received by the users were sent from a fake id: netflix@fakt[REDACTED].com with the subject “Opdater Betalingsinformation”.
Netflix black market saga
Both the above-mentioned process immensely help cyber-attackers gain the required information required to steal a user’s Netflix account details. Attackers to gain access to any Netflix user’s account can use this information. However, the main purpose of these attacks is to target users who wish to access Netflix for a reduced cost. The research also pointed out that the malwares can also assist cyber-criminals to open their own illegal store.
The common services outsourced by the cyber-criminals are mostly existing Netflix accounts and these accounts provide premium services to other users at much cheaper rates. When the attackers advertise these services, the attackers disguised as sellers asks the subscribers of the illegal service to keep their password and other account details unchanged. Alteration of password or other account details may alert the real-account owner.
The research also explains another illegal offering by the attackers: Netflix account generators. “The accounts created through these tools may come from stolen Netflix subscriptions or payment card details, “ said Payet.
The generators’ creators (attackers) continually update their databases with new accounts and disable the one that don’t work anymore. The buyers can then resell the generated accounts on the black market at reduced rates.
How to avoid these breaches?
Considering the large user base of Netflix, it is evident that a lot of people on a daily basis get conned by these cyber-criminals. To avoid any kind of confusion and attacks, Symantec advices all Netflix users to download the app from official sources.
Additionally, Symantec has also warned users to stay away from services that appear to offer Netflix for a reduced price, as they might contain malicious files or stolen data.
