Beware Netflix users, cyber criminals are now targeting you using phishing tactics and malware tools in an attempt to acquire the details of your credit card and sell them on the black market.
Security researchers with Symantec blew the whistle on the phishing campaigns as just as Netflix is growing in popularity due to high demands for video streaming. As Netflix moves to pursue fresh markets, it would be inevitable for the company to become favorite target among attackers.
Indeed, it is tempting for hackers to add Netflix to their list of targets due to the rising user base of the company.
In this case, attackers have been employing an Infostealer.Banload Trojan that pretends as a legitimate Netflix software and a phishing technique in the form of fake ads and Netflix product offers that are sold for a cheaper price. The Banload Trojan works to create a backdoor access to your computer for hackers to steal information pertaining to your Netflix account and dump a stack of malicious files into your system.
Based on the demographics of the attacks, the Banload Trojan attacks mostly customers of Netflix based in Brazil, where the malware steals banking details from the affected computers. The phishing campaigns, on the other hand, serve to pilfer the login details of Netflix users. The attackers lure these users to submit their personal data and payment card details to a fake Netflix login page that appears legit.
Symantec researchers also spotted another phishing campaign that targets Netflix users in Denmark, where the deceptive tactic involves making users believe that there is an issue with their Netflix account and that they need to update their personal information. Unsuspecting users are sure to fall prey to this deceptive tactic intended only to get their bank details for fraudulent purposes.
But the greater risk lies not in the hands of the attackers alone, but in the prospect of having your data sold on the dark web in order to create new Netflix accounts for sale again on the black market at a much lower price tag.
If the level of sophistication of the Trojan and the phishing campaign is any indication, these kinds of attacks are part of a major conglomerate that does business through fraudulent means.
Netflix has yet to release a statement on the issue, but there are simple workarounds in order to avoid falling victim to these malicious campaigns. One, it would help to avoid downloading from unreliable suppliers of Netflix, but only from the genuine Netflix website and legit app stores.