Cybercriminals took advantage of the fact that the Netflix app, released early this year, was not available on all mobile devices and created one of their own that promised unsuspecting users the experience of a lifetime.Symantec reports that this is how the Android.Fakeneflic piece of mobile malware was born.
The researchers who studied the malicious piece of software claim that this only demonstrates that hackers always come up with intelligent ways of duping internet users into downloading rogue apps and with the rise in popularity of the Android platform, they only get new opportunities.
Apart from a few minor differences, the fake Netflix resembles very much the real one, even during the installation process where practically the same steps have to be taken by the victim just to make it more realistic.
Android.Fakeneflic is basically a Trojan that steals your account credentials and posts them on a server after which it uninstalls itself to erase any evidence of its existence.
The clever thing about it is that it's very simple, being composed of only a splash screen and a log-in page which after it takes hold of your credentials, posts a warning message announcing a hardware incompatibility and an automatic uninstall process begins. This operation cannot be stopped as you are redirected to the same error page.
Because most security solutions providers got hold of the information, a mobile anti-virus software can probably protect your account details, but also, if you look carefully, you'll notice that the log-in page doesn't contain a password recovery link or a sign-up link for new customers.
As we've seen yesterday, smartphone malware hasn't yet gotten to the point where it would gain a lot of illegal income for the hackers, but as we see in the example above, they're sure getting close.
“Year over year, people have predicted that mobile malware would take off and, to date, we haven't seen that happen.We have seen a considerable increase in the amount of mobile malware, but it hasn't reached the proportion that people were expecting,” revealed Vikram Phakur, principal security response manager at Symantec for SCMagazine US.