Malware masquerading as a popular Netflix application for Android is actually a social engineering scam that utilizes a classic Trojan to get account information and passwords.
Symantec warned about the malware in a blog post this week, noting it is a clear example of how far mobile malware has come.
The Android.Fakeneflic malware, according to Symantec's Irfan Asrar, "is a textbook case of an information stealing Trojan that targets account information. The malicious app is not too difficult to understand. Despite the fact that there are multiple permissions being requested at the time of installation — identical to the permissions required by the actual app — our analysis shows that this is, in fact, a red herring, probably used to add to the illusion that the end user is dealing with the genuine article."
The phony application was found on an Android user forum and is not available in the official Android app market. Asrar said the fake app is divided into two main parts: a splash screen followed by a login screen where the user information is captured and posted to a server. He said the server to which the data was being posted appeared to be offline.
"Furthermore, there appears to be no attempt to verify whether the data entered by an unsuspecting user was accurate or not," explained Asrar. "Once a user has clicked on the 'Sign in' button, they are presented with a screen indicating incompatibility with the current hardware and a recommendation to install another version of the app in order to resolve the issue. There is no attempt to automatically download the recommended solution. Upon hitting the 'Cancel' button, the app attempts to uninstall itself. Any attempt to prevent the uninstall process results in the user being returned to the previous screen with the incompatibility message."
The fake app had the perfect opportunity to take advantage because of the initial limited release of the official Netflix application for Android, said Asrar. The Netflix app was initially pushed only to certain devices that provided the best user experience and only recently was it made available on the Android app market. But the popularity of the service prompted several unsanctioned developers to attempt to port a pirated copy of the app to run on devices that were not officially supported.
"A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit," said Asrar.