Android users have to be on the lookout for a Netflix app that looks almost exactly like Netflix’s official product but carries a data-thieving Trojan instead of streaming movies.
Symantec discovered the Trojan, dubbed Android.Fakeneflic, and assessed it as a “very low-level risk.” However, placing the sneaky malware and the official Netflix app for Android OS side-by-side reveals cosmetic similarities that could easily fool an unsuspecting user.
How Does it Work?
Like the legit Netflix app, Android.Fakeneflic asks for a login and password. Then it sends a warning that the user’s hardware is incompatible and recommends uninstalling the app and installing another version. If you attempt to cancel the installation, the app tries uninstalling itself anyway, and rebuffing that process sends you back to the hardware incompatibility warning.
Meanwhile, your login and password are grabbed and posted to a server, which Symantec says is now offline.
How Dangerous is it?
The app’s presentation can be sneaky to the untrained eye. Since Android.Fakeneflic has only two parts — a loading screen and a login screen — and both look very similar to the official Netflix app, it’d be easy to hand over your Netflix credentials without a second thought.
But the data-mining aspect of Android.Fakeneflic doesn’t sound very sophisticated. The app does not verify whether the login credentials are accurate, so mistyping would instantly expose the fraud.
Also, the account page on Netflix only contains your mailing address, e-mail, and the last four digits of your credit card number, so unless the Trojan’s creators had a more refined future scheme in mind, losing your Netflix ID isn’t irreparable.
So in the interim, Android developers naturally built and marketed Netflix app alternatives, and, in this case, one of them included a Trojan.
Symantec partially blames the existence of Android.Fakeneflic on Android’s hardware fragmentation problems, stating that “multiple unsanctioned developer projects sprung up attempting to port a pirated copy of the [Netflix] app to run on devices that were not officially supported,” which then leads to bad behavior. But just because Android has too many disparate manufacturers building too many Android-powered devices with too few of them working similarly, doesn’t mean the platform itself is to blame.
As my colleague JR Raphael says, malware on the Android platform is inevitable. Open ecosystems such as the Android Marketplace thrive on competition and options; some developers play dirty; and some apps come loaded with nefarious extras. But it’s not limited to one mobile OS, nor is it necessarily the fault of so many different types of Android devices — even the iPhone has caught a virus before.
It comes down to using common sense and taking basic precautions when dealing with unofficial products.