The Symantec team has come across a fake Netflix application that seeks to steal account access credentials. In the following image you can see on the left the real version and on the right the false version:
Although there are differences, anyone could confuse them.
This Trojan is detected as Android.Fakeneflic, once the user installs it and enters their data, an error message Your Android TV is not supported is displayed, then the application uninstalls automatically without leaving traces.
However What are the attackers looking for? watch movies on Netflix without paying? Surely not, that's very easy to do. What they are looking for are emails and passwords, it is very likely that many of the victims use the same key on other sites such as Facebook, Twitter or the email account itself. In addition, within the account you can see the type of credit card that the user has and its last 4 digits, this information can be very useful to carry out personalized phishing attacks.
According to Symantec reports, when they tested the application the server that receives the data does not respond. It is possible that attackers were testing and then launching another version, for example they could request confirmation of the card instead of showing an error message, it would be somewhat suspicious for some but many would enter it calmly.
Be very careful with the applications you download! If you are looking for well-known service applications, make sure you are downloading the official apps.