Blog :: Security Operations

New Netflix Scam Preys on Penny-Pinching Pirates


A new Netflix scam infects those trying to create fake login credentials to the popular television streaming service.

Somewhere in the last two decades, television grew into a medium full of acclaimed, thoughtful content. Now there is so much content scattered across different vendors that we’re likely to subscribe to several streaming services, and the costs add up. Netflix, for instance, charges between eight and twelve dollars per month. Some viewers seek illegal ways around the subscription fees by downloading the content from illegitimate sources or by creating fake login accounts. This is where the new Netflix scam casts its net.

Pirates Get Punished

Some people download generators to create keys or logins that allow them to access whatever content they like without paying for it. The Netflix scam targets these pirates; it looks like a login generator, but then infects the user’s computer with ransomware. Once downloaded and running, it distracts the user with fake login credentials while locking away files under C:\Users with AES-256 encryption. There are 39 file types that it targets:

.ai .asp .aspx .avi .bmp
.csv .doc .docx .epub .flp
.flv .gif .html .itdb .itl
.jpg .m4a .mdb .mkv .mp3
.mp4 .mpeg .odt .pdf .php
.png .ppt .pptx .psd .py
.rar .sql .txt .wma .wmv
.xls .xlsx .xml .zip

These are extremely common file types, including Word documents, Adobe files, music, and more. Anyone would lose something that they would need to get back.

When the encryption is done, the ransomware displays a message demanding $100 in bitcoin in return for the files. Sadly, even if the user complies, there is no guarantee that the files will be decrypted as promised. For one thing, many types of ransomware come with bugs that make recovery impossible. For another, the hacker may still choose not to decrypt your files—their “customer service” is not what it once was.

Netflix Scam Ramifications

I believe this will affect teens and college students in particular. Not having the money to spend on streaming services, or wanting to keep what little they have, they are more likely to resort to piracy. But because of the file types targeted, they will lose all of their school work. Due to the huge academic pressure students already endure, I think they’ll give in to the ransom.

The Netflix scam could be an indication of a growing trend in using popular vendors as a lure to trick users and infect them with ransomware. Netflix, for example, enjoys a subscriber base 93 million users strong. I don’t know anyone who doesn’t use at least one streaming service; I’m already subscribed to Netflix, Hulu, and Crunchyroll, with HBO on the horizon. Something that widely used makes a tempting lure—and easier prey for hackers.

To Pirate or Not To Pirate

What’s particularly interesting (or, perhaps more accurately, ironic) toNetflix scam targets pirates me is that the Netflix scam could instantly be more effective at persuading people to stop pirating than any anti-piracy messaging from official establishments has been since the days of Napster.

My advice is: back up, back up, back up. And, even more importantly, don’t pirate content to begin with. $8 per month for a worthwhile service becomes much smaller when compared to $100 in ransom fees.

Of course, it’s up to you to decide whether you must see “must see TV.”

For more cybersecurity news, follow @Plixer on Twitter.