New Android malware has been discovered that exists as an app on Google Play and is believed to be spread through WhatsApp conversations. Called FlixOnline, the app claimed to allow users to view overall Netflix content. It was, however, designed to monitor the user’s WhatsApp notifications and send automatic replies to their incoming messages with the content they receive from the hacker. Google immediately removed the app from the Play Store after contacting the company. However, it was downloaded hundreds of times before it was deleted.
Researchers from the threat intelligence firm Check Point Research discovered the FlixOnline app on Google Play. When the app is downloaded from the Play Store and installed, the underlying malware starts a service that requests “Overlay”, “Battery Optimization Ignore” and “Notification” permissions, the researchers said in a press release. .
It is believed that the purpose of obtaining these permissions allows the malicious application to create new windows on top of other applications, prevent the malware from shutting down by the battery optimization routine of device and access all notifications.
Instead of activating a legitimate service, the FlixOnline app monitors the user’s WhatsApp notifications and sends an auto-reply message to all WhatsApp conversations that lures victims with free access to Netflix. The message also contains a link that could allow hackers to obtain information about the user.
The “wormable” malware, which means it can spread on its own, could spread further via malicious links and could even extort users by threatening to send sensitive WhatsApp data or conversations to all of their contacts.
Check Point Research has informed Google of the existence of the FlixOnline app and details of its research. Google quickly removed the app from the Play Store upon receiving the details. However, the researchers found that the app was downloaded almost 500 times in two months, before going offline.
Researchers also believe that even though the app in question was removed from Google Play after being reported, the malware could come back through another similar app in the future.
“The fact that the malware could have been disguised so easily and ultimately bypassed Play Store protections raises serious red flags. Although we have stopped a malware campaign, the malware family is likely to stay here. The malware can come back hidden in a different application, ”said Aviran Hazum, director of Mobile Intelligence at Check Point, in a prepared quote.
Affected users are advised to remove the malicious application from their device and change their passwords.
It is important to note that while the malware variant available through the FlixOnline app has been designed to spread via WhatsApp, the instant messaging app does not include any particular flaws that allow the circulation of malicious content. Instead, the researchers found that it was Google Play that was unable to restrict access to the app at first glance, despite using a mix of automated tools and protections. preloaded, including Play Protect.
What is the best phone under Rs. 15,000 in India right now? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 11:54 PM), we talk to OK Computer creators Neil Pagedar and Pooja Shetty. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and anywhere you get your podcasts.