I hope the hackers behind this nasty little trick get put under the jail. Exploiting people’s need for Netflix on their phone is evil!
Over on the Symantec blog, the company highlights yet another type of security risk Android is currently vulnerable to: fake apps that masquerade as legit apps and exist solely to steal your data. Apparently, before the Netflix app became available on the Android Market, a fake version of it existed somewhere that did nothing more than collect your username and password, then uninstalled itself.
Now, don’t panic. If you downloaded the app from the Market, you’re fine. This circulated around back when people were trying to figure out a way to hack the app so it ran on unauthorized software. It may still be out there. What’s most insidious is that it looks very similar to the real app.
If you were one of the brave souls who downloaded an APK, gave it a try, only to get the error screen below, well… have you checked your account lately?
Symantec points out that this particular threat took advantage of Android fragmentation. Had the Netflix app worked for all Android handsets, fewer users would have been prone to the trickery.
Bottom line: don’t install any strange apps onto your Android device unless you’re sure they come from a legit source. This includes the Market, Amazon (well, they say they vet those apps), app stores curated by device manufacturers, and maybe the websites of developers.