New research discovered an Android malware in an app on Google Play. The app tempts the users by offering them free Netflix subscriptions.
The security researchers at Check Point claimed that the new Android malware appears like a Netflix app that spread like a worm-like by victims’ WhatsApp messages. The malicious Netflix-looking app is present as FlixOnline in the Google Play Store. The app requests permissions from the users to create a fake login screen for other apps. The essential purpose behind this is to steal the login credentials and get hold of all notifications received on the device by hiding WhatsApp notifications and replying automatically to them.
The bogus app also sends an automated reply to every message users received on WhatsApp. They encouraged them to visit the fake Netflix website designed to steal login and credit card details.
Besides this, the WhatsApp messages also promise two months of Netflix premium free after clicking on the malicious link. The malware can also spread through other malicious links to rob users’ data, deliver nasty messages to users’ WhatsApp contacts and groups, and threaten users to leak their sensitive data.
It is the second time that FlixOnline has been caught spreading malware via WhatsApp. In January 2021, Lukas Stefanko, a researcher at ESET also discovered a fake app like this. He revealed a fake Huawei mobile app that uses the same method to perform a wormable attack.
The spread of this wormable Android malware has raised severe red flags. The prominent one is that how malware successfully bypasses the Play Store protection filters and infects the users via WhatsApp messages. Google has now removed the malicious FlixOnline app after being notified by Check Point. Before Google released the app, it was only downloaded around 500 times.
The security experts suggest users immediately download a security solution on their device and change all their passwords. They should download the apps from official marketplaces and keep their software updated to remain safe from Android malware.