The expanding global reach of Netflix, now available in over 190 global regions, has made the content service a popular target of cybercriminals whose tactics include malware, phishing and social engineering. A common denominator in many of these attacks is greed — not just greed on the part of the cybercriminal, but also many victims who are scouring the web for unauthorized free or discounted Netflix streaming services, instead of signing up for a legitimate account.
For example, some unscrupulous users are downloading malicious files from third-party websites, thinking they will provide cheap Netflix access. But they are actually installing the Infostealer.Banload banking trojan, which pilfers their financial information, Symantec explained. Other victims of this campaign may think they are actually installing the genuine service, after being directed to a malicious webpage via a malicious link or advertisement.
Not everyone who downloads a third-party Netflix service app ends up infected with malware, whoever. Some will get the discounted access they were seeking—but at a cost to other innocent victims. In some instances, the unauthorized service actually registers a genuine Netflix account for customers, but pays for it with stolen financial information bought off the black market. This allows the service to charge a small fee while still making a profit.
In other cases, third-party services supply their customers with log-in credentials that were stolen from legitimate Netflix viewers. Some of these genuine subscribers were the victim of phishing schemes that tricked them into giving away their credentials in order to remedy a non-existent payment issue.
“Netflix subscriptions allow between one and four users on the same account. This means that an attacker could piggyback on a user's subscription without their knowledge,” the Symantec blog post explained. For that reason, unauthorized Netflix service providers typically ask their customers not to modify passwords or other account information, because such a change might alert the legitimate account holder that something is amiss.
Symantec recommends that consumers subscribe only to the legitimate Netflix service. Also, in an interview with SCMagazine.com, Satnam Narang, senior security response manager at Symantec, recommended a precaution that current Netflix customers can take to ensure no one is piggybacking off their accounts:
“If you go into your Netflix account…go into ‘Recent Activity' and look at viewing activity. From there, check to see which devices have checked in and accessed the service,” said Narang. “It shows you the IP address, and the geolocation of where [the log-in was] coming from. Users should definitely go and check that from time to time, because you might not know someone from another country is accessing that account because your password has been compromised.”