Netflix has just teetered back from the brink of the Qwikster fiasco. Now there's a new problem for the service's users. The Android app for Netflix was originally released just for specific devices, though the company did recently add support for all Android 2.2 devices.
According to Symantec researchers, "A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit." The fake app looks a lot like the real one, until you see them side by side.
The sole purpose of this app is to steal Netflix login credentials. The researchers noted that it asks for exactly the same permissions the real app does, even though it doesn't need most of them. When the user supposedly signs in, the app transmits the credentials to its home server. It then reports a hardware problem and advises downloading an upgrade. In truth, when you accept the alleged upgrade the app attempts to uninstall itself.
I'm not precisely clear on how the thieves will turn a profit from stealing Netflix credentials. Maybe the thieves aren't either. According to the exploit's discoverers, the server that collects those credentials is currently offline. You can view the full report, with plenty of pictures, on Symantec's Web site.
0 comments:
Post a Comment