Check Point specialists have discovered new malware on the Google Play store called FlixOnline, which masquerades as the official Netflix app and supposedly allows users to view the streaming service's content.
In two months, the FlixOnline app was downloaded approximately 500 times. Google engineers have since removed the malware from the official app catalog.
Analysts say that once installed, the malware monitors the user's WhatsApp notifications and sends automatic replies to incoming messages on the user's behalf. The text for these replies is downloaded from a remote server. Typically, it contains an offer of two months of free Netflix Premium viewing from anywhere in the world.
If installed successfully, the malware allows attackers to distribute further malware, steal information and data from WhatsApp accounts, and send fake or malicious messages to WhatsApp contacts and groups. FlixOnline is specifically designed to spread between devices and is equipped with worm functionality. The malware can move from one device to another as soon as an Android user clicks on a link in a message.
“In this case, the attackers used a fairly new attack technique, as well as a technique for intercepting a connection with WhatsApp by hijacking notifications and the ability to perform predefined ‘reject’ or ‘reply’ actions. The fact that the malware was so easy to disguise and ultimately bypass the Play Store’s protection raises serious concerns,” comments Vasily Diaghilev, Head of Check Point Software Technologies in Russia and the CIS.