Cyber criminals are targeting Netflix users with phishing campaigns and malware designed to steal their credit card details, potentially for sale on the black market.
The video streaming service is becoming increasingly popular as it expands into new markets; but as it becomes more successful, it means Netflix is becoming an ever more tempting target for hackers eager to make a quick buck by targeting its userbase.
According to researchers at Symantec, the two most common methods deployed to steal data from customers are a malicious Trojan posing as an authentic version Netflix software and a phishing campaigns.
Malware is inadvertently downloaded when users are duped by fake adverts or offers for a cheaper version of Netflix. Once installed, the malware poses as Netflix and compromises the system with Infostealer.Banload, a form of Trojan software which opens a back door to steal information and download potentially malicious files.
In this instance, Banload steals banking information from the affected system and the Trojan has most commonly been used against Brazilian Netflix users.
Cyber criminals are also employing phishing campaigns in an effort to steal the login credentials of Netflix users. When deploying this method, attackers trick users into inadvertently handing over their login details, personal information and payment card credentials via the use of a fake Netflix website.
Researchers spotted one particular phishing campaign designed to target Danish Netflix users. A phishing email attempted to trick them into thinking details about their account needed to be updated due to a payment issue. It's therefore possible that concerned users may have replied to the email, mistakenly sending their bank details directly into the hands of cyber scammers.
But that isn't where it ends. Once attackers have got hold of the personal data of Netflix users, be it by malware or phishing, they may opt to sell the details on the Dark Web, potentially putting the victims at even greater risk. For example, researchers say that stolen card details may be used to generate new Netflix accounts, which the cyber criminal can sell at a low cost on the black market.
The sophistication of the operation suggests that the perpetrators of these Netflix phishing and malware schemes aren't amateurs but rather part of a fully-fledged business model.
However, Netflix users can go a long way to ensuring they don't fall victim to this campaign in one simple way; by only downloading the video steaming service from genuine suppliers of the software, such as the Netflix website or official app stores.
"Symantec advises users to only download the Netflix application from official sources. Additionally, users should not take advantage of services that appear to offer Netflix for free or a reduced price, as they may contain malicious files or steal data," warns Symantec threat intelligence offer Lionel Payet.