Infostealer.Banload Distributed via Netflix Phishing Campaigns

Are you a fan of Netflix? If so, be extra cautious since Netflix has drawn the attention of malware actors. According to researchers at Symantec, Netflix users are currently being targeted by a new malicious campaign.

Netflix Malware Operations Explained

As pointed out by Symantec’s researchers, Netflix’s popularity has increased a lot since 1997 when the company was launched. Netflix is now available in over 190 countries around the globe.

Because of its popularity, Netflix is now targeted by malicious attackers who have created phishing campaigns, aimed at users’ information. The information harvested during the campaign is then added to a growing black market allegedly providing cheaper access to Netflix services.

In other words, the malware campaign presents itself as a cheaper means to access and watch movies on Netflix.

One method employed by attackers involves malicious files masquerading as Netflix software. The malicious files are downloaders that, upon execution, open a Netflix-themed home page and silently download Infostealer.Banload.

Infostealer.Banload is classified as a Trojan horse. Once installed on a victim’s system, it opens a back door and harvests information. In addition, the Trojan may also download other malicious files.

Symantec warns that the primary victims of Infostealer.Banload are located in Brazil. However, there is no telling where the Trojan will be ‘released’ next.

Infostealer.Banload Distribution Path

Even though such Trojans are usually distributed via spam emails, the Netflix operation is most likely triggered by users who have been lured by fake ads and offers suggesting cheaper access to Netflix services.

First infection cases of Infostealer.Banload were observed in October 2015. Targeted systems included Windows XP, Windows Vista, and Windows 7.

Researchers also raise the flag about Netflix-themed phishing scams, the most recent of which was registered on January 21. The phishing campaign was employed against Netflix users in Denmark.

Get to Know Phishing

During this particular campaign, users were asked to navigate to a fake Netflix website to confirm their identity in order to fix a problem with a payment. Two outcomes of the phishing campaigns are a) losing Netflix credentials and b) losing personal data such as credit card details.

To stay protected against fraudulent attempts exploiting Netflix, users should not use any suspicious Netflix membership services that have nothing to do with the actual Netflix. Users tricked by such offers will instead be provided access to hacked Netflix accounts, which may sponsor criminals' future operations.

Protection Tips against Infostealers

  • Make sure to use additional firewall protection. Downloading a second firewall (like ZoneAlarm, for example) is an excellent solution for any potential intrusions.
  • Make sure that your programs have less administrative power over what they read and write on your computer. Make them prompt you for admin access before starting.
  • Use stronger passwords. Stronger passwords (preferably ones that are not words) are harder to crack by several methods, including brute forcing, since such attacks use password lists with relevant words.
  • Turn off AutoPlay. This protects your computer from malicious executable files on USB sticks or other external memory carriers that would otherwise run immediately when inserted.
  • Disable file sharing. If you need file sharing between your computers, password-protect it to restrict the threat to yourself if infected.
  • Switch off any remote services. These can be devastating for business networks, since they can cause a lot of damage on a massive scale.
  • If you see a service or a process that is external and not Windows-critical and is being exploited by hackers (like Flash Player), disable it until there is an update that fixes the exploit.
  • Make sure to always apply the critical security patches for your software and OS.
  • Configure your mail server to block and delete emails containing suspicious file attachments.
  • If you have a compromised computer in your network, make sure to isolate it immediately by powering it off and disconnecting it by hand from the network.
  • Turn off infrared ports and Bluetooth, since hackers love to use them to exploit devices. If you use Bluetooth, make sure that you monitor all unauthorized devices that prompt you to pair with them, and decline and investigate any suspicious ones.
  • Employ a powerful anti-malware solution to protect yourself from any future threats automatically.

Milena Dimitrova
