Connect with us

Hi, what are you looking for?


Mobile & Wireless

Information-Stealing Android Malware Targets Netflix Customers

Fake Netflix App for Android Looks to Steal Personal Information from Netflix Customers.

On Demand Webcast: Protecting Corporate Data in Mobile Apps

Fake Netflix App for Android Looks to Steal Personal Information from Netflix Customers.

On Demand Webcast: Protecting Corporate Data in Mobile Apps

Mobile Malware creators have crafted a well-designed application that targets Netflix customers using Android mobile devices in an attempt to steal personal informaton. Symantec discovered the threat that it dubbed Android.Fakeneflic, which attempts to exploit users of the popular Netflix app for Android.

Fake Netflix Mobile App on AndroidThe malware in question appears to be a legitimate Netflix app, but instead is an information-stealing Trojan looking to capture account information from unsuspecting users. Once installed, if a user enters their Netflix account information into the malicious app, the user’s information is captured and posted to a server. Following that, users are presented with a screen indicating incompatibility with their hardware and a recommendation to install another version of the app. After hitting the “Cancel” button, the malware attempts to uninstall itself. Fairly simple, but well designed application like this can easily trick users into coughing up login details and other personal information.

“The official [Netflix] app, which was initially released in the early part of the year, was only recently published to the Android Market with support for multiple devices. A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit,” Irfan Asrar wrote in a blog post.


“Divided into two main parts, the app is largely just a splash screen followed by a login screen where the user information is captured and posted to a server. At the time of writing this blog, it appears that the server where the data was being posted is offline. Furthermore, there appears to be no attempt to verify whether the data entered by an unsuspecting user was accurate or not,” added Asrar and Shunichi Imano, also of Symantec.

NetflixMobile Malware App

We reached out to Symantec to get some insight on the impact of this mobile malware, and what malicious apps like this mean to users in general. In this case, the malicious fake Netflix app doesn’t appear to have infected many devices yet, but it could, and others like it could easily be propagated quickly via spam and other social engineering tactics.

Here’s what Liam O Murchu, Manager of Operations, Symantec Security Response had to say in response to SecurityWeek’s questions.

Advertisement. Scroll to continue reading.

SecurityWeek: How are users infected with this malicious Netflix app?

Murchu: “A user would become infected by simply downloading and installing the malicious app. So, user interaction certainly would be required, but social engineering could come into play in order to convince the user that this is the legitimate version of Netflix’s app, as opposed to the malicious fake it is.”

SecurityWeek: Do you have any insight as to the size and scope of users who may have been infected? From what we have been able to gather the number of infections appears to be extremely limited.

Murchu: “We don’t have details as to the number of users who might have downloaded this app at this time, but it’s likely that infections are very limited at this point. What makes this threat interesting isn’t so much how widespread it is, but that it is a slightly different twist on Trojanized legitimate applications we traditional see targeting Android. These are legitimate apps that have been downloaded by attackers, repackaged with malicious code included and then re-released online. Such apps typically retain the legitimate apps functionality. With Android.Fakeneflic, the attacker hasn’t actually utilized the legitimate app, but has tried to spoof it. In addition, Android.Fakeneflic provides an example of what kind of scheme attackers could run with a fake mobile banking app, where instead of gathering somewhat innocuous login credentials, the thief could gather banking credentials or other sensitive financial information instead.”

More information is avaialble in a blog post from Symantec here.

On Demand Webcast: Protecting Corporate Data in Mobile Apps

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.