New Wormable Android Malware Spreads Through WhatsApp Messages megasearchsu, entershopst
Check Point Research (CPR) team has recently discovered a new Android malware that tricks the users into promising to provide them Netflix premium subscription for free.
The malware that is in question is basically an app that is known as “FlixOnline,” and posing itself as a legitimate version of the streaming service, Netflix to trick the users.
This malicious app was recently removed from the Play Store after being identified as Android malware. But, when it was available in the store, it was downloaded more than 500 times.
This newly discovered malware seeks to gain the necessary system permissions to steal sensitive data and take control of WhatsApp on the infected device.
The new malware, FlixOnline uses the WhatsApp messages to spread itself, and it’s programmed in such a way, that it replies to each incoming messages automatically from the app itself through a remote server.
In certainty, this malicious app, FlixOneline is basically designed to monitor the owner’s WhatsApp notifications, so, that they can send automatic replies to the owner’s incoming messages, using the content it receives through a remote command and control server.
This method allows the threat actors to spread phishing sites for phishing attacks, spread other malware or malicious files, spread fake news and much more.
After installation, this malware requests a series of permissions that helps the operators of this malware to achieve their goal.
Here’s one of the responses used by the malware to lure the users:-
“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.”
The operator of this malware, FlixOnline can easily perform several malicious tasks, and here they are mentioned below:-
Apart from this, the cybersecurity firm, Check Point has already informed Google about this malware, and as a result Google already removed this malicious app.
Just like Google, they have also informed Facebook, the developer of WhatsApp, where no action has been taken yet, since, there is no vulnerability or flaws in the messaging services of the above-mentioned portals.