FlixOnline is using WhatsApp to infect users
A new Android malware has been discovered hidden within an app called FlixOnline available on the Google Play Store.
Malicious software is spread by automatic responses to WhatsApp messages sent to the user, and the malicious software is received from a remote control server and commands.
- Security researchers from Check Point say: The new and innovative threat could send more harmful content via automated responses to incoming WhatsApp messages.
Hackers can use malware to distribute phishing attacks, spread additional malware, spread wrong information, or steal login and data from WhatsApp accounts and chats.
FlixOnline masquerades as a service that allows users to view Netflix content from all over the world via mobile devices.
Instead of doing what it promises, the malware monitors WhatsApp notifications to send automatic replies and receive content from its control servers.
The malware message sent to victims via automatic replies provides users with two months of free premium Netflix content at no cost anywhere in the world.
When you download and install the FlixOnline app on Android devices, Check Point researchers say, it starts a service that asks for overlay permissions and ignores battery optimization and notifications.
After obtaining these permissions, the malware is able to create new windows on top of other applications, which usually fake login screens for other apps to steal login data.
Ignoring battery optimizations prevents malware from being stopped by the in-device battery optimization routine even when idle.
Notification access allows malicious software to access all notifications about device messages and to automatically reject and reply to messages across the device.
With these permissions, the malware has everything it needs to distribute malicious data and respond to incoming WhatsApp messages.
And Check Point indicates that it has notified Google responsibly about the software and its research, and Google removed the app from its store, but it was available for two months and was downloaded about 500 times.