New malware impersonates Netflix and spreads via WhatsApp

New malware impersonates Netflix and spreads via WhatsApp

Check Point Specialists discovered on the Google Play store, there is a new malware called FlixOnline, which masquerades as the official Netflix app and supposedly allows users to view the content of the streaming service.

In two months, the FlixOnline app was downloaded approximately 500 times, and currently Google engineers have already removed the malware from the official app catalog.

Analysts say that once installed, the malware monitors users’ notifications on WhatsApp and sends automatic replies to incoming messages on their behalf. Special text for such responses is downloaded from a remote server. Typically, it contains an offer of two months of free watching Netflix Premium from anywhere in the world.

New malware impersonates Netflix and spreads via WhatsApp
Malware asks for the necessary permission to work

If installed successfully, the malware allows attackers to distribute malware, steal information and data from WhatsApp accounts, and distribute fake or malicious messages to WhatsApp contacts and groups. FlixOnline is specially designed to spread between devices, and is equipped with worm functionality. Malware is capable of switching from one device to another immediately after an Android user clicks on a link in a message.

“In this case, the attackers used a fairly new attack technique, as well as a technique for intercepting a connection with WhatsApp by hijacking notifications and the ability to perform predefined ‘reject’ or ‘reply’ actions. The fact that the malware was so easy to disguise and ultimately bypass the Play Store’s protection raises serious concerns, ”comments Vasily Diaghilev, Head of Check Point Software Technologies in Russia and the CIS.


ProApk on Telegram

ProApk on Google News

ProApk on Twitter

ProApk on Facebook