Android fragmentation opens door for Netflix-faking trojan

Summary: Add data security to the list of concerns stemming from the fragmentation of Android.

TOPICS: Malware, Security

Android fragmentation may be bad enough by itself, but what if it leads to stolen user information?

Symantec posted on its official blog today a report about Android.Fakeneflic, an information-snatching trojan operating under the guise of the Android Netflix app.

The app is fairly easy to understand. Believing it to be the official Netflix app, users are coaxed into providing it with their Netflix credentials. The result is a stolen password, and potentially a purloined credit card number.

Symantec says that the trojan's effectiveness comes from the vacuum left by the launch of the official Netflix app, which only supported a few devices upon its release. The popularity of Netflix, coupled with the lack of universal support for the app, created the ideal environment for trojans like Android.Fakeneflic.

But what's really scary is just how similar the two apps are. As shown in the Symantec image above, the two are nearly indistinguishable from each other, and it wouldn't take much for any normal user to confuse one with the other.

[Symantec]


Talkback

28 comments
  • RE: Android fragmentation opens door for Netflix-faking trojan

    Misleading title...Fragmentation didn't cause that problem, poor policing of an app store, malign content, or user side-loading did. Apple could have similar issues if a webpage was made to look like the app above and linked to with an icon, so could any phone platform.
    Socratesfoot
    • RE: Android fragmentation opens door for Netflix-faking trojan

      @Socratesfoot
      +1. Google needs to step up and enforce policies around its market approval policies.
      Ram U
    • Not Exactly

      @Socratesfoot - This is not a webpage. This is an app. If it was a webpage we wouldn't be talking about the OS and the open ecosystem, we'd be talking about the users.
      m0o0o0o0o
    • RE: Android fragmentation opens door for Netflix-faking trojan

      @Socratesfoot
      I think the point is that it is fragmentation that has prevented Netflix from releasing an app that works on all Android devices - thus leaving a gap in which frustrated people look for foreign support.
      I'm lucky - the Netflix app works on my phone.
      Ralph124
      • RE: Android fragmentation opens door for Netflix-faking trojan

        @Ralph124 Yeah, I think it was pretty obvious to everyone but anything to deny fragmentation is his motto.
        non-biased
  • Testing

    Test
    nykitty411
  • RE: Android fragmentation opens door for Netflix-faking trojan

    Sorry but Android == Linux == perfectly secure. Therefore, this reported malware can't possibly exist.

    Right?

    Right.
    bitcrazed
    • RE: Android fragmentation opens door for Netflix-faking trojan

      @bitcrazed
      :D
      Ram U
    • RE: Android fragmentation opens door for Netflix-faking trojan

      @bitcrazed

      Yet another one writes a personal opinion without any supporting facts.
      daikon
    • RE: Android fragmentation opens door for Netflix-faking trojan

      @bitcrazed That's right, it doesn't exist. Now you may return to defraging your hard disk. Oh wait, I just started defrag for you.
      anothercanuck
      • RE: Android fragmentation opens door for Netflix-faking trojan

        @anothercanuck

        What, are you living in the XP days? Vista and 7 do it in the background.
        Viper589
  • RE: Android fragmentation opens door for Netflix-faking trojan

    I'm confused. Is the fake NetFlix in the market, or would it require downloading from a 3rd party site?
    Both Symantec and author seem to be oddly silent about that.
    Just how hard does someone need to try to get the fake?
    anothercanuck
    • RE: Android fragmentation opens door for Netflix-faking trojan

      @anothercanuck Yeah - just more ZDNET sensationalism.
      radleym
  • Android Bargain Hunters KIT Mobile OS

    Google could care less. This is Google's attitude:

    Does Google make any more money with a real Netflix app? Nope.
    Does Google make any more money with a fake Netflix app? Nope.
    Do they care? Nope.

    If anything, you might be more likely to search on Mobile Google for 'Android malware.'

    Google's attitude to the average Android user? Don't download apps. Just use the browser and Google search.

    To DIY/programming geeks - write some code.

    Android is NOT a professional OS - it's a passable mobile OS based on an engineer's recollection of his work 5 years ago on IOS ... what do you expect? Then compound that with Google's "customer service" attitude, you have a take out container by the side of the road - it is a free meal but it's also a lot of other issues ...
    jbelkin
  • Netflix Stupidity

    I would like to know why Netflix feel they have to individually test and certify every single Android device individually before releasing their app on it? That's not how normal Android development works. Netflix are the ones primarily responsible for this situation, not Android.
    ldo17
    • RE: Android fragmentation opens door for Netflix-faking trojan

      @ldo17 It might not be how "normal" Android development works but why is Netflix the bad guy when all they are trying to do is make sure their users have the best possible experience using their app. Is quality control a foreign concept? You're kidding, right, blaming Netflix for this situation? If someone put a fake Siri app in the marketplace that stole personal info trying to use its publicity would that be Apple's fault?
      non-biased
  • Similarity

    Actually, I think they really differ a lot from each other considering how simplistic the user interface is. How hard can it be to make it exactly or near exactly the same??
    Rubix_z
  • RE: Android fragmentation opens door for Netflix-faking trojan

    My research of better reported articles (from which this one was probably culled and doctored) indicates quite clearly that the trojan had to be installed from a third party page (NOT Android Market). The likelihood of this attack vector working (as indicated in the source I read from Symantec) was increased due to the perceived absence of an official Netflix app for Android, along with a significant demand for one - that would encourage the victim with the notion that what they were downloading was a pirated / hacked version of the real thing that was not yet available through official channels.

    Therefore, the victim would have to a) not know that Netflix was available in the market already, and b) be willing to take a risk and load it from an unapproved source and c) believe that there is such a thing as a free lunch!
    dimonic
    • RE: Android fragmentation opens door for Netflix-faking trojan

      @dimonic It doesn't matter what excuses you offer, fragmentation is still the cause. Get over it.
      heyu
    • RE: Android fragmentation opens door for Netflix-faking trojan

      @dimonic While not a good situation I am glad to hear it was not in the marketplace.
      non-biased