A new day and here comes a new malware that aimed to trick Android smartphone users and steal their private data without their consent. As per a report coming from security firm Check Point Research, a fake Netflix app on Google Play Store targeted to spread malware by automatically responding to WhatsApp messages. Google has taken down the app now that goes y the name FlixOnline. Also Read - Google releases new voices for Android apps by updating its text-to-speech engine
The security firm Check Point Research stated that the FlixOnline app sported a Netflix-like look to trick users and promised two months of free subscription through WhatsApp messages. The message that promised to offer free subscription came along with a link that redirected to a website to just capture your personal details including credit card details. Also Read - Google Stadia is shutting down: Here’s what will happen to your purchases
The fake app unfortunately was downloaded by hundreds of Android users. The FlixOnline app was available for nearly two months with around 500 installs before Google removed it last month. Also Read - Google is making shopping easier than ever with five major updates to Google Shopping
Here’s how the Android malware worked
-Once the FlixOnline app was installed on Android smartphone from the Play Store it asked for three permissions: screen overlay, battery optimization ignore, and notification.
-Check Point Researchers stated that overlay is used by malware to create fake logins and steal user credentials by creating fake windows on top of existing apps.
-The FlixOnline app then “listened” for notifications and automatically responded to WhatsApp chats with a message.
The message looked like below:
“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw”.
The report from security research agency Check Point Research quoted Aviran Hazum, Manager of Mobile Intelligence who said that this is novel method of spreading malware. Hazum stated that the app has been removed from the Google Play Store but could return in another form.
He said stated in the report, “the malware’s technique is new and innovative, aiming to hijack users’ WhatsApp account by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags. Although we stopped one campaign using this malware, the malware may return hidden in a different app.”
The security researcher further added that this incident also highlights the limitations of Google Play Store’s in-built protections as Google couldn’t detect malware in the said app through its automated tools. Well, this isn’t the first time that incident like this has been highlighted. It should be noted that Facebook owned messaging platform WhatsApp doesn’t have any vulnerability that enabled the spread of malware.