Fake Android Netflix app hoovering up user credentials

Hackers have apparently issued a fake Netflix app for Android-powered smartphones and tablets

According to a Symantec researcher, Android.Fakeneflic takes advantage of a gap in availability, combined with the large interest of users attempting to get the popular Netflix service running on their Android device.

Reporting on the fake app in his latest security posting, Irfan Asrar of Symantec's Japanese research labs says the fake Netflix app is a textbook case of an information-stealing trojan that targets account information.

“The malicious app is not too difficult to understand. Despite the fact that there are multiple permissions being requested at the time of installation – identical to the permissions required by the actual app – our analysis shows that this is, in fact, a red herring, probably used to add to the illusion that the end user is dealing with the genuine article”, he noted in his posting.

Asrar goes on to say that the bogus Netflix app – which is divided into two main parts – is largely just a splash screen followed by a login screen where the user information is captured and posted to a server.

Once a user has clicked on the Netflix 'sign in' button, they are presented with a screen indicating incompatibility with the current hardware and a recommendation to install another version of the app in order to resolve the issue.

There is, noted Asrar, no attempt to automatically download the recommended solution. Upon hitting the 'cancel' button, the app attempts to uninstall itself – any attempt to prevent the uninstall process results in the user being returned to the previous screen with the incompatibility message.
