The malware was bundled with “FlixOnline,” a fake app on Google Play that promised free Netflix subscription.
“Wormable” Malware Bundled in Fake “FlixOnline” App
Check Point Research discovered the “wormable” malware on Google Play hidden in a fake app called “FlixOnline.” The app promised two months of premium Netflix subscription for free and claimed to let one watch Netflix content from all over the world.
However, once installed, the app would ask you for permissions to overlay content over other apps and read all incoming notifications on your device. The first permission grants the malware the ability to read your personal and sensitive information, while the second allows it to all your incoming notifications, including those from WhatsApp.
To ensure the OS does not shut it down for excessive battery consumption, the malware also requests the ‘Battery Optimization Ignore’ permission. With all the permissions in place, the malware can secretly steal your WhatsApp conversation data.
The Malware Further Spread Itself by Sending Fake WhatsApp Messages
The malware further spreads itself by replying to incoming WhatsApp messages with malicious content disguised as a free Netflix subscription: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE.”
Upon clicking the link, the recipient of the message would be sent to a fake Netflix website, where they are prompted to enter their credit card details and login credentials. However, since a command-and-control server controls the message that’s delivered, it could be pointed to different phishing websites or malware payloads.
You can follow this guide on how to remove a virus from your Android device without a factory reset.
Google Has Already Removed the Fake App From the Play Store
Check Point Research says that the fake “FlixOnline” app was downloaded approximately 500 times from the Play Store, but was removed quickly by Google once it was informed about it.
Streaming services have seen a surge in their userbase due to the ongoing pandemic. Threat actors are capitalizing on this trend, as evident from the fake “FlixOnline” app, which tried to lure users by offering them a free Netflix subscription for two months.
A more dangerous “System Update” Android malware was discovered recently as well. It can steal all data stored on your device, including your photos, messages, browser history, and more. Unlike “FlixOnline” though, it did not make its way to the Google Play Store.
Think there’s a problem with your iPhone or Android device? Here’s what to do if your phone has been hacked.
About The Author