Skip navigation
Security Blog

Bogus Netflix Android App Attempts to Steal User Information

Netflix has primarily been in the news for recent changes to their business model, with the company spinning off its DVD rental business a few weeks ago as a separate business under the Qwikster label. The move was widely viewed as a embarrassing misstep for the company, which recently backtracked on their decision, shut down Qwikster, and reinstated their original DVD rental offerings.

Now security researchers at Symantec have uncovered a piece of non-functional malware that masquerades as an official Android Netflix app. According to a post by Symantec researcher Irfan Asrar, the original Netflix app for Android was released in early 2011 for only a select number of Android smartphones, owing to differences in handsets and Android OS versions. Malware authors stepped into the void by creating an app -- called Android.Fakeneflic -- for devices that originally were not supported by the official Netflix android app. To date the app has only been spotted outside the official Android Market, and it's important to stress that it isn’t fully functional. Asrar explains in more detail:

"The official app, which was initially released in the early part of the year, was only recently published to the Android Market with support for multiple devices. A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit."

For more information about this app, I had a phone interview earlier this morning with Liam O’Murchu, manager of operations for Symantec Security Response. Murchu pointed out that while the bogus app appears to steal Netflix login information, the app -- as tested by Symantec -- seems to be only partially completed, since the app doesn't actually send user information, and the server the app attempts to connect to is offline. It's also important to note that Netflix has upgraded their legitimate app to run on all Android devices running Android OS 2.2 or 2.3, and can be downloaded from the official Android Market.

Trojan Netflix Android App
A visual comparison of loading screens from the official Netflix Android app (left) and Android.Fakeneflic


"In this case [the app] is pretending to be a legitimate app," O'Murchu said. "While the app isn't fully functional, it shows that malware creators are constantly trying out different techniques to steal user information and make money." O'Murchu mentioned that other types of malware often piggyback code to legitimate apps, such as the case with malicious software found in the official Android Market earlier this year. O’Murchu also suggested that Android users should follow some basic security tips when it comes to selecting which Android apps to download.


Let me know what you think about Symantec's report by commenting on this blog post or following me on Twitter.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.