Security resarchers discovered a phishing campaign primarily based in the US which is targeting the credit card data and other personal information of Netflix users.
The campaign mimics real Netflix web pages in order to trick unsuspecting users into handing over their personal information and multiple “evasion techniques” have been used by the attackers to avoid detection by phishing filters.
For example, the phishing pages are hosted on legitimate but compromised web servers and were not displayed to users from certain IP addresses where the DNS resolved to companies such as Google or PhishTank.
Writing on the FireEye blog, advanced malware researcher Mohammed Mohsin Dalla explains how the attack starts with an email notification asking users to update their account membership and includes a link directing recipients to a fake Netflix login page.
“Upon submitting their credentials, victims are then directed to webpages requesting additional membership details and payment information,” he says. “These websites also attempt to mimic authentic Netflix webpages and appear legitimate. Once the user has entered their information, they are taken to the legitimate Netflix homepage.”
The campaign also uses AES encryption (Advanced Encryption Standard) to encode the content presented at the client’s side, leveraging code obfuscation to help evade text-based detection by preventing inspection of the webpage content.
“The PHP file is used to encrypt the webpages at the server side,” Dalla explains. “At the client side, the encrypted content is decoded using a defined function in the JavaScript file. Finally, the webpage is rendered using the ‘document.write’ function.”
Netflix finally completed an eight-year cloud migration project to AWS at the beginning of last year, shutting down its last data centre, but was also slammed by Greenpeace earlier this week for falling short on renewable energy commitments.
Quiz: What do you know about the past year in the world of tech?
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
