WARNING: Hacked NETFLIX APP Found to be Sending Credit Card & Passwords to Hacker Server in Russia, Even found Installed on New Phones!


Pre-article Commentary: by Jarrett Neil Ridlinghafer

Steps You Should Take Immediately

  1. Disable Netflix so it can do no more harm, if it is corrupted – I go into your phone settings and “Disable your Netflix App” if you have it installed on your Android or iOS device
    • On my Android HTC One you can do that by going into “Settings > Applications > > All (Fling the screen to the right two screens so it shows the  “ALL” Menu on the top) > Scroll down to Netflix and click on it. Inside select “Disable Application” when it asks if you really want to, click Yes or OK whichever it has
  2. Install an Antivirus Protection:
    • Go to Google Play and download one of the following Antivirus Applications:

The Android and Apple Operating Systems are both Unix/Linux based systems instead of windows which means although you do not have the same risks and vulnerabilities you will find in a windows operating system, instead it has its own set of vulnerabilities such as root-kits and  the most common way to hijack a UNIX machine other than directly penetrating an open port is via malware which, unlike a Trojan which is a separate app hiding inside a normal app, malware has completely taken over an app like Netflix. It sill works exactly like Netflix App so you never know there is anything wrong however, the hacker has “hacked the code” and modified it to do a lot more than just allow you to watch movies, it now has little mini-me criminal agents running around on your phone in disguise and stealing credit card data, usernames & passwords etc. Successful Malware attacks according to the reports I’ve read, have increased 20% over 2013 due to the rise in smartphone/mobile device sales

They are all highly reputable and recommended security and antivirus vendors who have all been developing software for the PC market for years and these are their new Mobile app versions. So you can rest assured any one of them will offer the best protection currently available today. What do I use? I’ve been using AVG for many years and believe it is the best free software available for both the Windows PC and Android OS, but again I’ve used each of the ones above with the exception of 360 which is made by a company I’ve never heard of however they have over 1.5 million downloads of their app with 4.5 of 5 stars as their average which means it is offering top of the line protection that people like.

IDG News Service – David Jevans, CTO and founder of Marble Security, recently received some bad feedback from a potential customer testing his company’s product, which helps organizations manage and secure their mobile devices.

“They basically said ‘Your stuff doesn’t work’,” Jevans said. “It thinks Netflix is malicious.”

Marble Security performs static code analysis of Android and iOS applications, which shows what the code is supposed to do. Apps are also run through an emulator with instrumentation that allows analysts to get a larger view of how an application performs. They also check an app’s network traffic to see if it is communicating with known malicious servers.

After taking a close look at the suspicious application, Jevans said they found it wasn’t the real Netflix app.

“We’re like, yeah, this isn’t the real Netflix,” Jevans said “You’ve got one that has been tampered with and is sending passwords and credit card information to Russia.”

Security experts have long warned that downloading applications from third-party marketplaces for the Android platform is risky since the applications have often not undergone a security review. Google patrols Android apps in its Play store, but malicious ones occasionally sneak in. Apple’s App Store is less affected due to the company’s strict reviews.

With the fake Netflix application, the organization told Marble Security the app was pre-installed when it bought the device. Marble Security then looked at devices from its other customers and found the problem was widespread. They found a fake version of Netflix on phones and tablets from at least four different manufacturers, Jevans said.

“We suspect for most of them, it is preinstalled,” Jevans said.

Marc Rogers, principal security researcher with Lookout Mobile Security, said his company has seen instances of malware show up on new phones. Lookout found a variant of a family of Chinese malware on new devices imported on the gray market from China.

“We can say that we’ve seen malware authors target device supply chains as a way to install malware in a device before it ends up in the hands of a customer,” Rogers said via email.

It is possible that somewhere in the supply chain, a bundle of applications that were not vetted well were installed on hundreds of thousands of devices, Jevans said.

The applications in those bundles “are rarely run through anti-malware or privacy leak detection software,” he said.

Another possibility is that companies are buying refurbished phones, which may have taken a loop through another supply chain with loose security controls.

Marble Security found the fake Netflix app on six devices from Samsung Electronics: the GT-N8013 Galaxy Note tablet, the SGH-1727 Galaxy S III phone, the SCH-1605 Galaxy Note 2 phone, the SGH-1337 Galaxy S4 phone, the SGH-1747 Galaxy S III phone and the SCH-1545 Galaxy S4 phone.

Samsung spokeswoman Jessica Baker said in an email that “if there is a fake Netflix app on the devices, it is something that was not preloaded by Samsung or U.S. carrier partners.” Netflix spokesman Joris Evers said the company did not have a comment.

The fake app was also found on three Motorola Mobility devices, the Droid Razr, Droid 4 and Droid Bionic; two Asus tablets, theA Eee PadA Transformer TF101 and the Memo Pad SmartA MT301; and on LG Electronics’ Nexus 5 phone. Those companies didn’t respond to a queries asking for comment.

Jevans said it’s not Netflix’s fault, as the company is just an attractive target for cybercriminals. At least four different fake versions of Netflix were found by Marble’s analysts, some of which were a modified clone of the real application.

Ideally, an application’s hash — a mathematical calculation of the exact size of the program — should be compared to that of the legitimate application before it is installed at a factory, Jevans said. If those figures are different, it may signal a fake.

Also, the application’s security certificate should be checked to ensure it is not self-signed, a trick that some malware writers use to make their software look more legitimate.

“People aren’t checking the apps that are on these things,” Jevans said.

By: Jarrett Neil Ridlinghafer
Chief Technology Analyst & Consultant
Compass Solutions, LLC
Cloud Consulting International