Android fragmentation opens door for Netflix-faking trojan

Add data security to the list of concerns stemming from the fragmentation of Android.

Android fragmentation may be bad enough by itself, but what if it leads to stolen user information?

Symantec posted on its official blog today a report about Android.Fakeneflic, an information-snatching trojan operating under the guise of the Android Netflix app.

The app is fairly easy to understand. Believing it to be the official Netflix app, users are coaxed into providing it with their Netflix credentials. The result is a stolen password, and potentially a purloined credit card number.

Symatec says that the trojan's effectiveness comes from the vacuum left by the launch of the official Netflix app, which only supported a few devices upon its release. The popularity of Netlfix, coupled with the lack of universal support for the app created the ideal environment for trojans like Android.Fakeneflic.

But what's really scary is just how similar the two apps are. As shown in the Symantec image above, the duo are nearly inseparable from each other, and it wouldn't take much for any normal user to convince one with the other.