Threat Management, Incident Response, Malware, Network Security, TDR

Discount third-party Netflix services are a ‘House of Cards,’ warns cybersecurity blog


Researchers have been observing a litany of attacks against Netflix, its customers, and consumers interested in the content streaming service, warned Symantec in a blog post yesterday.

The expanding global reach of Netflix, now available in over 190 global regions, has made the content service a popular target of cybercriminals whose tactics include malware, phishing and social engineering. A common denominator in many of these attacks is greed — not just greed on the part of the cybercriminal, but also many victims who are scouring the web for unauthorized free or discounted Netflix streaming services, instead of signing up for a legitimate account.

For example, some unscrupulous users are downloading malicious files from third-party websites, thinking they will provide cheap Netflix access. But they are actually installing the Infostealer.Banload banking trojan, which pilfers their financial information, Symantec explained. Other victims of this campaign may think they are actually installing the genuine service, after being directed to a malicious webpage via a malicious link or advertisement.

Not everyone who downloads a third-party Netflix service app ends up infected with malware, whoever. Some will get the discounted access they were seeking—but at a cost to other innocent victims. In some instances, the unauthorized service actually registers a genuine Netflix account for customers, but pays for it with stolen financial information bought off the black market. This allows the service to charge a small fee while still making a profit.

In other cases, third-party services supply their customers with log-in credentials that were stolen from legitimate Netflix viewers. Some of these genuine subscribers were the victim of phishing schemes that tricked them into giving away their credentials in order to remedy a non-existent payment issue.

“Netflix subscriptions allow between one and four users on the same account. This means that an attacker could piggyback on a user's subscription without their knowledge,” the Symantec blog post explained. For that reason, unauthorized Netflix service providers typically ask their customers not to modify passwords or other account information, because such a change might alert the legitimate account holder that something is amiss.

Symantec recommends that consumers subscribe only to the legitimate Netflix service. Also, in an interview with, Satnam Narang, senior security response manager at Symantec, recommended a precaution that current Netflix customers can take to ensure no one is piggybacking off their accounts:

“If you go into your Netflix account…go into ‘Recent Activity' and look at viewing activity. From there, check to see which devices have checked in and accessed the service,” said Narang. “It shows you the IP address, and the geolocation of where [the log-in was] coming from. Users should definitely go and check that from time to time, because you might not know someone from another country is accessing that account because your password has been compromised.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.