Mobile security experts are warning that hackers have created a fake Netflix app for Android smartphones and tablets.
The device passes itself off as the real Netflix Android app but doesn't give you access to Netflix content. Instead, it steals your Netflix log-in information.
Security firm Symantec was among the first to sound the warning, saying existing confusion about Netflix access on the Android platform makes for a ripe situation for hackers. Symantec says Netflix has released the official Android app in bits in pieces, so that users aren't quite sure whether it works on their phones.
The fake app looks very much like the real one, making it even more dangerous. It asks users to log-in to their Netflix account with their user name and password. When they do, they get a message that says their device is not supported by Netflix at this time.
But as they typed in their user name and password, the fake app captured the data and transmitted it to the hacker, who can then sell it. The real app, which was initially released in the early part of the year, was only recently published to the Android Market with support for multiple devices.
"A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Andoid.Fakeneflic to exploit," Symantec said in a blog posting.
Divided into two main parts, the fake app is mainly a splash screen followed by a log-in screen where the user information is captured and posted to a server. Symatec says at last check, it appears that the server where the data was being posted is offline.
Once a user has clicked on the “sign in” button, they are presented with a screen indicating incompatibility with the current hardware and a recommendation to install another version of the app in order to resolve the issue. There is no attempt to automatically download the recommended solution.
Upon hitting the “cancel” button, the app attempts to uninstall itself. Any attempt to prevent the uninstall process results in the user being returned to the previous screen with the incompatibility message.