Security resarchers discovered a phishing campaign primarily based in the US which is targeting the credit card data and other personal information of Netflix users.
The campaign mimics real Netflix web pages in order to trick unsuspecting users into handing over their personal information and multiple “evasion techniques” have been used by the attackers to avoid detection by phishing filters.
For example, the phishing pages are hosted on legitimate but compromised web servers and were not displayed to users from certain IP addresses where the DNS resolved to companies such as Google or PhishTank.
Writing on the FireEye blog, advanced malware researcher Mohammed Mohsin Dalla explains how the attack starts with an email notification asking users to update their account membership and includes a link directing recipients to a fake Netflix login page.
“Upon submitting their credentials, victims are then directed to webpages requesting additional membership details and payment information,” he says. “These websites also attempt to mimic authentic Netflix webpages and appear legitimate. Once the user has entered their information, they are taken to the legitimate Netflix homepage.”
The campaign also uses AES encryption (Advanced Encryption Standard) to encode the content presented at the client’s side, leveraging code obfuscation to help evade text-based detection by preventing inspection of the webpage content.
“The PHP file is used to encrypt the webpages at the server side,” Dalla explains. “At the client side, the encrypted content is decoded using a defined function in the JavaScript file. Finally, the webpage is rendered using the ‘document.write’ function.”
Netflix finally completed an eight-year cloud migration project to AWS at the beginning of last year, shutting down its last data centre, but was also slammed by Greenpeace earlier this week for falling short on renewable energy commitments.
Quiz: What do you know about the past year in the world of tech?
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
