
AXS Guard SOC-analysts recently uncovered a concerning incident. An employee at a client company downloaded what appeared to be a legitimate Netflix app — but it was, in fact, a sophisticated malicious imitation.
This fake app, obtained from sites like sharesub.com and softonic.nl, attempted to connect the device to a botnet.
According to AXS Guard CEO Alex Ongena, this is no coincidence. It reflects a growing trend where cybercriminals exploit familiar consumer behavior — such as streaming content while on vacation — to spread malware. AXS Guard researchers report that 9 out of 10 of these rogue apps are designed to steal sensitive user data, particularly passwords.
Application & Software Packaging
Sites like sharesub.com and softonic.nl may not be inherently malicious, but they can be easily exploited by less trustworthy actors, such as hackers and cybercriminals.
Publishing apps on official app stores is a complex process. As a result, companies looking to release new software often turn to alternative subscription platforms, which offer a faster and easier route to distribution. Alternatively, developers can host their apps on their own websites. However, this approach is typically more challenging from marketing, technical, and user experience perspectives.
Third-party subscription platforms often provide easy access to software bundles or packages, which combine multiple apps or tools into a single installer.
This brings us to the concept of Application Packaging — the process of converting existing software installers into a format suitable for automated software distribution.
Application Packaging emerged from the need to install applications across systems automatically, and it offers several key advantages for organizations:
- Standardized installation processes across systems.
- Fast and simultaneous deployment of software on multiple workstations.
- Seamless updates without user intervention.
- Efficient license management and usage tracking.

Interestingly, Application Packaging is also a method that is sometimes used by parents as a way to monitor or control their children's online behavior — a form of digital parental supervision.
However, there's a significant caveat.
PUPs and PUAs
Malicious software can compromise user privacy and weaken the security of a device—and potentially the entire network it’s connected to.
Application packaging offered through subscription platforms such as sharesub.com can be a powerful tool for cybercriminals — and is often used to target unsuspecting users. While users may intend to download just one application, they unknowingly download and install more than they bargained for, a.k.a. Potentially Unwanted Programs (PUPs) or Potentially Unwanted Applications (PUAs).
The primary goal of these hidden programs is to gain initial access to a user's device—typically a smartphone, laptop, or PC. Once compromised, the device can be integrated into a botnet and exploited for a range of malicious activities.
Victims—whether individuals or organizations—can then be exposed to multiple cyber threats, including adware, spyware and SEO poisoning.

Several open-source projects and independent developers have publicly condemned third-party platforms that repackage their software with unwanted bundles—often without the developer’s knowledge or consent. This widespread practice is seen as unethical, as it undermines user trust and compromises security.
Even widely respected and user-friendly applications such as VLC Media Player and GIMP (a free image editing tool) have been heavily affected by this issue. Their installers have frequently been bundled with PUPs and PUAs on unofficial download sites, leading to unintended consequences for users.
Back to the Netflix Incident
The malicious version of the fake Netflix app attempted to connect to a botnet.
Fortunately, AXS Guard SOC analysts detected the app's suspicious behavior in time. Thanks to their quick response, neither the employee nor the company experienced any negative impact. But how can such incidents be prevented in the future?
For organizations, we strongly recommend partnering with a trusted provider of Managed Cybersecurity Services. Without the vigilance and expertise of our SOC analysts, the consequences could have been far more severe.
For users, it's important to always exercise caution when downloading and installing software.
Security experts and developers strongly advise downloading the latest version of any application directly from the official project website or through a trusted package manager.
What should you pay attention to when downloading software or applications?
1. Stick to Official App Sources
Looking for popular apps like Netflix? Be extremely cautious about where you download them from. Websites such as sharesub.com, download.com, and other subscription platforms frequently offer software bundles – packages that install multiple programs simultaneously. The danger? You might get more than you bargained for, including unwanted software or even malicious programs designed to secretly access your device.
- For PCs and laptops, always download the software directly from the official website of the software provider.
- For mobile apps, use only the official App Store (Apple) or Google Play Store (Android).
2. Stay Vigilant—Even in Official App Stores
Even official app stores aren’t completely immune to malicious apps. Remember FlixOnline? It posed as an official Netflix app for a time, but it was anything but legitimate. Cybercriminals prey on unsuspecting users, and publish malicious apps to gain access to devices. When downloading any app, be sure to double-check the following:
- App Name: Does it look suspicious? Watch out for unusual spellings, characters, or names that mimic popular brands.
- Developer: What is the name of the software manufacturer (e.g., Netflix, Meta, Google)? Be cautious if the name seems unfamiliar or unrelated.
- Reviews & Ratings: A flood of negative or overly enthusiastic reviews should be considered as a red flag.
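For IT teams that review install requests, the App Name and Developer checks above can be automated. The sketch below is an added example, not AXS Guard code: it flags listings whose name resembles a known brand but is spelled with lookalike characters or comes from an unexpected developer. The allowlist entries, function names and sample listings are assumptions constructed for illustration.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Assumed allowlist: brand token -> developer name expected on the listing.
KNOWN_PUBLISHERS = {"netflix": "Netflix, Inc.", "vlc": "VideoLAN"}

# Digits, symbols and Cyrillic letters commonly swapped in for Latin ones.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s", "@": "a",
                            "\u0435": "e", "\u043e": "o", "\u0456": "i"})

def normalize(name):
    """Fold accents, fullwidth forms and lookalike characters to plain a-z."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.lower().translate(LOOKALIKES)

def check_listing(app_name, developer, threshold=0.8):
    """Return (verdict, brand) for one listing; brand is None if unrelated."""
    tokens = re.findall(r"[a-z]+", normalize(app_name))
    for brand, publisher in KNOWN_PUBLISHERS.items():
        score = max((SequenceMatcher(None, t, brand).ratio() for t in tokens),
                    default=0.0)
        if score < threshold:
            continue  # name does not resemble this brand
        spelled_plainly = brand in app_name.lower()
        right_developer = developer.strip().lower() == publisher.lower()
        verdict = "expected" if spelled_plainly and right_developer else "suspicious"
        return verdict, brand
    return "unrelated", None

# Constructed sample listings, not taken from the incident.
SAMPLES = [
    ("Netflix", "Netflix, Inc."),
    ("N3tfl1x Premium Free", "StreamApps Ltd"),
    ("Netfliix HD", "Netflix, Inc."),
    ("Photo Editor Pro", "Acme Tools"),
]

if __name__ == "__main__":
    for name, dev in SAMPLES:
        print(f"{name!r} by {dev!r}: {check_listing(name, dev)}")
```

A "suspicious" verdict is a prompt for manual review, not proof of malware; the similarity threshold trades missed lookalikes against false alarms on short brand names.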
3. Stay in Control: Download Only What You Trust
Whether you're after a video app, photo editor, or a new streaming service, a single click on the wrong link can be enough to unknowingly add your device to a botnet. Take an extra moment to verify exactly what you are downloading and installing.
Installing unverified software or apps on devices used for work can have serious repercussions for your organization's entire IT infrastructure. If you're unsure, always consult your company's IT department, an IT partner, or a cybersecurity expert.
This incident was also picked up by the editors of HLN
Read: "'Login credentials are stolen and resold': Belgian cybersecurity company warns of fake Netflix apps"
Don't Let a Download Ruin Your Vacation