Netflix Phishing And Malware Campaigns Build Growing Black Market

Netflix’s expansion to 130 new regions has boosted the market for stolen Netflix passwords, according to Symantec, a Mountain View, Calif.-based technology security company. Netflix’s streaming service is currently available in 190 regions.

Symantec noted that phishing campaigns and malware are targeting Netflix users’ information. The hackers add the users’ information to a growing black market that offers cheaper access to the service.

Malicious files posing as Netflix software.
Malicious files posing as Netflix software.

How It Works

One such campaign uses malicious files that pose as Netflix software on compromised computer desktops. Once the downloaded files execute, the Netflix home page opens as a decoy. Infostealer Banload secretly downloads, then steals banking information from the infected computer. The Trojan has been used in Brazil primarily.

Screenshot of the Netflix spam email.
Screenshot of the Netflix spam email.

Drive-by downloads do not drop the Netflix-disguised files. Users who may have been tricked by fake advertisements for cheaper Netflix access most likely download the files.

Attackers may target Netflix users by trying to steal login credentials through phishing campaigns in addition to delivering malware. Netflix subscriptions permit between one to four users on the same account. Cybercriminals are using these tactics on a daily basis.

A Campaign In Action

Symantec witnessed a Netflix phishing campaign crafted for Danish users on Jan. 21. The email attempted to trick users into thinking their Netflix account needed an update due to an issue with their monthly payment. The sender was [email protected][REDACTED].com and the subject line read “Opdater Betalingsinformation”. The site that was linked to the email is no longer active.

Phishing and malware campaigns enable attackers to gain the credentials required to enter victims’ Netflix accounts. The attackers may not only keep the access to themselves, however. An underground economy exists targeting users that want to access Netflix for free or for a reduced price. Such products could also enable customers to launch illegal stores.

Advertisement for the sale of Netflix accounts.
Advertisement for the sale of Netflix accounts.

The most typical offers are for existing Netflix accounts. Such accounts provide either a month of viewing or full access to the premium service. Most advertisements for such services has the seller asking the buyer not to change any account information such as the password since it could render them unstable. A password change would alert the user to the account being compromised.

Also read: Report: Cybercriminals are cooking up malware in record numbers

Another offer includes Netflix account generators. The accounts that these tools create can come from stolen Netflix subscriptions or payment card information.

The creators regularly update their databases with new accounts and disable those that no longer work. The buyers can use this software themselves or resell the generated accounts on the black market.

Advertisement for Netflix account generator.
A Netflix account generator.

Users Must Be Careful

Symantec urges users only to download the Netflix application from authorized sources. Users should not take advantage of services that offer Netflix for free or a reduced price since they may contain malicious files or steal data.

Norton and Symantec products protect users from the malware under the following antivirus detections:

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.