Cyber criminals are stealing user's login credentials for popular online streaming service, Netflix, in an attempt to steal banking information, according to recent research by Symantec.
The security vendor has discovered multiple malicious campaigns directly associated with Netflix.
One malware campaign involves malicious files posing as Netflix software on compromised computers desktops. The files are downloaders that, once executed, open the Netflix home page as a decoy whilst downloading Banload, a Trojan primarily used in Brazil, that steals banking information.
Another campaign involves the phishing of Netflix credentials. The streaming service allows between one and four users on the same account, meaning that an attack can piggyback on a user’s subscription without their knowledge.
In these phishing campaigns, attackers redirect users to a fake Netflix website to coax the user into providing login credentials, personal information and payment card details.
In addition to the campaigns, there is an underground economy targeting users who wish to access Netflix for a reduced price or free.
These accounts either provide a month of viewing or give full access to the premium service. In most advertisements for these services, the seller asks the buyer not to change any information on the accounts, such as the password, as it may render them unusable. This is because a password change would alert the user who had their account stolen of the compromise.
Symantec said it advises users to only download the Netflix application from official sources. Additionally, users should not take advantage of services that appear to offer Netflix for free or a reduced price, as they may contain malicious files or be looking to steal data.