Black market for stolen streaming accounts thriving

By Dylan Bushell-Embling
Monday, 30 March, 2020

Black market for stolen streaming accounts thriving

The proliferation of entertainment streaming services such as Netflix, Disney+ and Apple Music has created a lucrative new market for attackers, who are stealing valid credentials and selling them at heavy discounts on the dark web, according to Proofpoint.

An analysis into the growing black market for stolen streaming credentials by the cybersecurity company shows that a mature, thriving online market has emerged for stolen streaming credentials.

Proofpoint's research found that attackers are using three main methods to harvest compromised credentials.

The first includes malware attacks including keyloggers and other information extraction tools, Proofpoint said. This malware is often concealed in files or masked to look like legitimate applications to evade detection from users.

Attackers are also using credential phishing attacks such as sending out spoofed emails claiming there is an issue with a prospective victim's streaming account, and asking them to click a link to correct the issue.

These links lead to sites designed to mimic the official streaming site — often near perfect copies of the original — that use login pages to harvest credentials. Sites will often also implement credit card entry pages to try to steal a victim's credit card information at the same time.

The third method involves using previously compromised login details from other sites to attempt to catch out victims who re-use their passwords across multiple sites.

Proofpoint said many Australian victims of such an attack may not even be aware that their streaming details have been stolen and sold and are being used by somebody else for free.

Related News

Malicious mobile apps doubled in last 12 months

There were 29,000 malicious mobile apps detected in 2020 Q1, up from 14,500 in the same quarter...

NAB using voice biometrics to verify customers

NAB has signed on 120,000 customers to its VoiceID biometrics authentication service since its...

New malware can steal data from air-gapped systems

ESET researchers have uncovered a new malware toolkit that appears to be designed to exfiltrate...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd