FlixOnline App Spreads Android Malware by Promising Free Netflix

The Quint
·1 min read

Check Point Research (CPR) on Wednesday, 7 April, revealed that a fake service app on Google Play Store named 'FlixOnline' distributed the malware to its smartphone users via malicious auto-replies to incoming WhatsApp messages, using payloads received from a remote command and control (C&C) server.

This app offers free Netflix services to users on their smartphones, while monitoring their WhatsApp notifications and sending automatic replies to incoming messages.

By replying to incoming WhatsApp messages, this method could enable a hacker to distribute phishing attacks, spread further malware, or spread false information or steal credentials and data from users' WhatsApp account and conversations, researchers warned.

They further said that, "This 'wormable' Android malware features innovative and dangerous new techniques for spreading itself, and for manipulating or stealing data from trusted applications such as WhatsApp."

How it Works

After the download and installation of 'FlixOnline' application from the Google Play Store the malware starts a service that requests 'Overlay', 'Battery Optimisation Ignore', and 'Notification' permissions.

If the user grants these permissions, the malware then has everything it needs to start distributing its malicious payloads, and responding to incoming WhatsApp messages with auto-generated replies, reported IANS.

Google removed the app from play store after they were informed about it.

"If a user was infected, they should remove the application from their device, and change their passwords," the researchers said.

(With inputs from IANS)

. Read more on Tech and Auto by The Quint.FlixOnline App Spreads Android Malware by Promising Free Netflix88 IIT Roorkee Students Test COVID Positive . Read more on Tech and Auto by The Quint.