Netflix envelopes

Photo via Mychal Stanley/Flickr (CC BY 2.0)

Here’s what to do about it.

According to a new report from Symantec, your Netflix account might be used for Netflix and Chill without your knowledge. The streaming service has become a regular target of malware and phishing attacks that are landing compromised accounts on a black market.

Lionel Payet, a researcher at Symantec, warned last week of recent attacks directed at Netflix users that have led to hacked and stolen accounts.

One method that has come to prominence recently is a trojan called Infostealer.Banload. The malicious software steals personal information, including bank accounts, from computers it’s installed on. The trojan is generally installed through a download acquired by users who click on advertisements promising cheap or free versions of Netflix. It’s disguised to look like an official Netflix executable file.

According to Symantec, the Infostealer.Banload trojan has primarily affected users in Brazil, a country where piracy has been notoriously common. According to a 2014 study from the Business Software Alliance (BSA), more than 50 percent of all software licenses in Brazil are not original.

Netflix has been successful in the country. It launched in Latin America in 2011, has become a popular option for movie fans in Brazil, and has been cited as one of the reasons for the downward slope of piracy in the nation.

The temptation of free access isn’t the only thing driving the rash of stolen accounts, though; phishing emails that tell users they need to secure their accounts actually trick them into surrendering their credentials. The emails often tell recipients that their account information needs to be updated or that a problem occurred with their monthly payments. Clicking on the link redirects to a fake site that steals the account information entered by the user.

“Netflix’s popularity, lineup of original content, and recent global expansion to more than 190 countries around the world makes Netflix an attractive target for phishing and other malicious attacks,” Satnam Narang, senior response manager for Norton by Symantec, told the Daily Dot.

What happens to the accounts that get stolen? They often land on the black market, where scammers offer up the emails and passwords that belong to gullible users who give them up. The accounts are sold for a fraction of the cost of a standard Netflix subscription, and the hidden marketplace takes advantage of the fact that Netflix commonly lets users stream from multiple devices.

The sellers of these stolen logins often request that purchasers not change the passwords, as doing so would tip off the account owner that they were compromised.

Narang said these trades for stolen subscription services are “fairly commonplace” in darker corners of the Web—and for more than just Netflix. “Where there is demand, there will be supply, so the black market for access to these services for relatively cheap will persist,” he said.

Netflix securely stores payment information, so the stolen accounts amount primarily to an inconvenience—but one that users would still likely prefer to not fall victim to. Keeping an eye on account activity, including recently watched shows, is the easiest way to spot strange behavior. Larger breaches can be checked on services like Have I Been Pwned?

Narang suggests users access their Netflix account through a browser, go to the settings and choose to sign out of all devices, then change the password for the account. He also recommended visiting the activity page on their account and checking for recent logins from unknown locations.

Netflix did not offer specific remedies for the malware or phishing attacks highlighted by Symantec, and simply pointed to its database of security advice. “We also pro-actively monitor our member accounts for fraud and alert members if we see anything suspicious,” a spokesperson told the Daily Dot via email.

H/T ZDNet
