A bogus Netflix app has been circulating around certain online forums, causing problems for those downloading the software. Taking advantage of users who may be seeking out a functional version of the app for unsupported devices, a mock log-in screen collects account usernames and passwords and ships them off to a central server. The app appears to do little else.
The question here is why would someone go through all the trouble of collecting Netflix account info? Once granted access to an account, the would-be thief has access to very little personal details and won’t be collecting on the limited credit card info provided. As CNET notes, it is possible the app is a test run for something a bit more devious, like a fake banking app, but that is speculation at this point. The more likely story? Someone didn’t want to deal with Netflix rate hike and was hoping to collect a nice list of freely accessible accounts. Who wouldn’t want all those free movies?
[via CNET]
They can sell the login info. It will be good for free Netflix till people change their passwords. Plus, many people use the same passwords for other stuff as well, so maybe they will try to hack other accounts also…
The point of an attack like this may seem to not do much damage but it can because people reuse logins and passwords. Once theyave your login info they use it on other more damaging sites that you may have used the same info on. This how most hackers gain access to corporate email aaccounts and other more damaging stuff
Exactly what I came here to say. I imagine a large percentage of users have the same password for their email account. For an Android user that signs into Netflix with the same email and pw, these people now have access to your entire Google account: Shopper, Wallet, Market… everything.
Download and install safely, kids!
People should never be installing random software from untrusted sources.
And this site encourages this bad practice all the time, posting links to leaked applications on rapidshare, etc. It’s terribly irresponsible, and you should really stop.
I totally agree.
Phandroid (among others) shouldn’t give people the habit of installing cracked apps.
It may seem harmless because you trust your sources, but it leads to risky behaviors.
Thats just it, if you trust the source then its not a risky behavior. Phandroid (and the forums) in NO way support ‘cracked’ apps fwiw
It’s not a risky behavior, it LEADS to risky behaviors.
Let me explain you : if they share the app, people think downloading unofficial apps is normal since a serious tech site does provide some (or where is the limit ?) and then they download the bogus Netflix app.
Editors of a site like this one have responsabilities and should always set a good example.
There was a cracked Flash Player shared on Phandroid some time ago, but the article was deleted (http://ydfgg.com/2011/07/14/cracked-flash-player-10-1-app-works-on-previously-incompatible-devices-download/ ), and you regularly see links to leaked versions of Google Apps we’re not supposed to have.
It’s not very serious, but that’s not their role.
I disagree, of course that is your opinion and i respect that.
We (Androidforums) discourage the use of ANY file sharing service to distribute apps for the most part. The problem with netflix is that there are literally thousands who only have the app because of places like AF and xda. Would say that if you are gonna get something like this from the forums make sure a trusted user is the one posting it.
Sweet example pic! The OG MyTouch! lol!
Not to mention Netflix became available on the Market to ALL users about a week ago.
This is exactly where Android really is vulnerable. The completely ‘openness’, part of what makes Android great, opens consumers up to great vulnerabilities. Not everyone that is using/going to use Android is going to be as savvy and careful as most people that read this site.
Now, I am NOT an Apple Fanboy, but, Android needs to adopt a system of ‘oversight’ for apps available through their market. Not endorsing censorship, just a review process that approves/disapproves apps based on whether they do what they advertise, and whether it does anything malicious.
The fake Netflix app was not from the Market. It was being downloaded from forums etc.