A new generation of Android malware has been discovered in the Google Play Store designed to sabotage your WhatsApp chats. Security researchers at Check Point have discovered the dangerous new malware that is spreading by sending malicious links to your WhatsApp contacts – from family members to close friends and group chats. Anyone who taps the link sent from your WhatsApp account will be redirected to a fake Netflix site that steals credentials for your Netflix account or credit card information.
The malware was discovered in an app called FlixOnline, which promises unlimited streaming of TV shows and movies. When FlixOnline was discovered by the Check Point team, it was available as a free download from the Google Play Store. This is the pre-installed app repository found on almost all Android smartphones and tablets (with the exception of the latest Huawei phones, which use the App Gallery instead).
FlixOnline uses Netflix’s iconic “N” logo and graphics from Stranger Things and other Netflix exclusive shows to entice Android smartphone and tablet owners to download the app.
Android users unfortunate enough to download FlixOnline are asked to grant a dizzying number of permissions. This is pretty standard for all third-party Android apps downloaded from the Play Store, so alarm bells may not go off. However, the permissions requested by FlixOnline are specifically designed to allow this malware-laced app to spread more widely with the help of your WhatsApp conversations.
Anyone who grants the permissions allows the application to reply to all incoming text messages on WhatsApp with a link to a deceptive Netflix site. To get people to click, the message accompanying the link promises two months of free Netflix due to the ongoing coronavirus pandemic. An example of the type of message sent with the dangerous link is: “2 months of Netflix Premium Free free For quarantine reasons (CORONA VIRUS) Get 2 months of Netflix Premium Free for 60 days anywhere in the world. Download now HERE”
When the person clicks the link, they’ll either be prompted to log in with their existing Netflix login (so the hackers can steal their email address and password combination – potentially unlocking dozens of other online accounts) or, if they don’t already have an account, to create a new one. If they create a Netflix account when prompted, the hackers steal their credit or debit card information. Either way, it’s really bad.
Since the FlixOnline malware replies to all incoming messages, individual conversations and group chats can quickly become filled with these malicious links, especially if you are not careful.
Check Point security experts have already reported the dangerous malware to Google, which removed the app from the Play Store. This is great news as no one else can download the app. However, Google does not remove the apps that are already installed on Android devices worldwide.
If you’ve recently downloaded the app, you’ll need to remove its permissions and delete it from your device immediately.
Since the malware appears to be quite effective, Check Point researchers believe FlixOnline will set a trend that numerous apps will copy. That means anyone who downloads from the Google Play Store needs to be more careful than ever. Check Point recommends that users only download apps from trusted developers, keep their devices running the latest operating system updates, and use a security solution to keep an eye out for malware.
Aviran Hazum, Manager of Mobile Intelligence at Check Point Software, said, “The malware technology is new and innovative and aims to hijack users’ WhatsApp accounts by capturing notifications and executing pre-defined actions such as “Dismiss” or “Reply” via the Notification Manager. The fact that the malware was so easily camouflaged and ultimately bypassed Play Store protection raises some serious red flags. Although we stopped a campaign with this malware, the malware may return hidden in another app.
“The protection of the Play Store can only go so far; mobile users need a mobile security solution. Fortunately, we spotted the malware early on and quickly passed it on to Google – which acted quickly too. Users should be wary of any download links or attachments they might get through WhatsApp or other messaging apps, even if they appear to be from trusted contacts or messaging groups. If you think you are a victim, we recommend removing the application from the devices immediately and changing all passwords.”
The FlixOnline app was downloaded approximately 500 times within two months. Not only did Check Point keep Google up to date, it also shared its research with WhatsApp, even though there is no security flaw in WhatsApp itself. Instead, the malware uses the ability to reply to text messages from the notification shade.