Fake Netflix App Steals Data on Android Phones

Netflix, one of the most acclaimed applications for Android users, took a while to expand its support to all Android users, including those on Android 2.2 (Froyo) and 2.3 (Gingerbread). That gap in availability, with a growing number of users attempting to get the application onto their Android devices, created a perfect space for Android.Fakeneflic, a Trojan horse whose geographical distribution is low and whose threat containment is easy. Researchers from the computer security firm Symantec wrote about this Trojan in a blog post.

The fake Netflix application has only two parts: the login screen and the loading screen. Like the legitimate Netflix application, the Trojan asks for a login and password. When the 'Sign In' button is pressed, a screen pops up indicating an incompatibility with the device's hardware and recommending that the user install another version of the application to resolve the issue. In the meantime, the account information is stolen and sent to a server. There is no attempt to download the recommended solution. When the user chooses the 'Cancel' option, the application attempts to uninstall itself. If the uninstall process is interrupted, the user is returned to the previous screen, with the incompatibility message still displayed. It is still not clear how much information the Trojan can access. However, Symantec claims that the information is stored offline.

Though people at CNET entertain the idea that the fake Netflix application is just a test application, it could pose a serious threat to users if the information reaches the wrong hands, as many of them use the same username and password for multiple sites. However, this affects only people who side-loaded the application from outside the official market, whereas people who received Netflix from the user market had no issues.

The malicious applications are versions of legitimate applications that have been modified to include malware, then repackaged and distributed. In this case, however, the application is a completely different program.

The security company partially blamed Android's hardware fragmentation problems, stating "multiple unsanctioned developer projects sprung up attempting to port a pirated copy of Netflix application to run on devices that are not officially supported". This leads to bad behavior. Even Peter Vesterbacka, one of Rovio's founders and an Angry Birds developer, said, "Android is growing, but it's growing complexity at the same time. Device fragmentation is not the issue, but rather the fragmentation of the eco-system. So many different shops, so many different models. The carriers messing with the experience again. Open but not really open, a very Google-centric eco system". But the platform can't be blamed completely.

Though Android has gained the most market share in the mobile world, it is also a horrible mess of bugs, low-quality OEM designs and terrible engineering, with security vulnerabilities popping up constantly. One has to be more careful when downloading software from a third party.
