Skip to content ↓ | Skip to navigation ↓

Netflix malware and phishing attack campaigns are contributing to the rise of a black market built around the sale of stolen credentials.

Lionel Payet, a threat intelligence officer at Symantec Security Response, explains in a blog post how he recently came across two unique attack campaigns that are targeting users of the popular web streaming platform.

The first involves malicious files posing as Netflix software that, one executed, download the banking Trojan Infostealer.Banload onto victims’ machines.

The trojan, which has been disproportionately used in attacks centered in Brazil, is not dropped by drive-by downloads. Users must install it onto their computers. They can be tricked into doing so by attackers who link the malicious executables to ads offering Netflix access at a discount rate.

The second attack campaign involves the use of phishing emails.

“Netflix subscriptions allow between one and four users on the same account,” Payet observes. “This means that an attacker could piggyback on a user’s subscription without their knowledge.”

The researcher identifies one phishing campaign in particular that warned Danish users of an incorrect processing of their monthly payment and urged them to log in to their accounts. A link provided in the email redirected victims to a fake login page.

netflix malware attack
Source: Security Response

In both the malware and phishing campaigns, attackers steal Netflix users’ account credentials, which in turn end up on black market sites. Most of these sell access to the compromised accounts, which in a way assumes the function of an underground streaming service. Others, however, involve tools that use stolen subscriptions or payment card details to create new Netflix accounts, which can be sold on other black market websites.

Acknowledging these threats, Payet urges users to not click on any ads offering cheap Netflix access. Users should also exercise caution around suspicious email links, and they should always review their monthly credit card bills for suspicious transactions.

This news follows on the heels of Netflix’s announcement that it would crack down on the use of proxies among its members.