A fake version of Netflix that steals personal data and sends it to Russia has been found on several phone models
David Jevans, CTO and founder of Marble Security, recently received some bad feedback from a potential customer testing his company's product, which helps organizations manage and secure their mobile devices.
After taking a close look at the suspicious application, Jevans said they found it wasn't the real Netflix app.
"We're like, yeah, this isn't the real Netflix," Jevans said. "You've got one that has been tampered with and is sending passwords and credit card information to Russia."
Marble Security found the fake Netflix app on six devices from Samsung Electronics: the GT-N8013 Galaxy Note, the SGH-1727 Galaxy S III phone, the SCH-1605 Galaxy Note 2 phone, the SGH-1337 Galaxy S4 phone, the SGH-1747 Galaxy S III phone and the SCH-1545 Galaxy S4 phone. The fake app was also found on three Motorola Mobility devices, the Droid Razr, Droid 4 and Droid Bionic; two Asus tablets, the Eee Pad Transformer TF101 and the Memo Pad Smart MT301; and on LG Electronics' Nexus 5 phone.
The lesson? Stay away from all "side-loading"; only download apps from Google Play. You can also check the app's security certificate to make sure it is not self-signed, which is a trick the bad guys use to make their malware look legit.