A fake Netflix app on Google Play Store intended to spread malware by automatically replying to WhatsApp messages. However, Google has now removed the app called FlixOnline.
According to security firm Check Point Research, the FlixOnline app sported a Netflix-like look to fool users. Not only that, it also promised two months free subscription to users through WhatsApp messages.
The free subscription app shared a link that redirected users to a website to simply capture their personal data, including their credit card details. Many Android users downloaded the fake app mistaking it for Netflix.
By responding to incoming WhatsApp messages, this method could allow a hacker to distribute phishing attacks, spread other malware or spread false information or steal credentials and account data and data. WhatsApp conversations of users, according to experts.
The FlixOnline app was available for almost two months with around 500 installs before Google removed it last month.
This is how it worked
Once the FlixOnline app was installed on the Android smartphone from the Play Store, it requested three permissions: screen overlay, battery optimization ignored, and notification.
As permissions were granted, the malware had everything it needed to start distributing its malicious payloads and responding to incoming WhatsApp messages with automatically generated responses.
Check Point researchers said the overlay is used by malware to create fake logins and steal user credentials by creating fake windows on top of existing apps.
The FlixOnline app then “ listened ” to the notifications and automatically responded to WhatsApp chats with a message.
It stresses that users should be wary of any download links or attachments they receive through WhatsApp or other messaging apps, even when they appear to be from trusted contacts or messaging groups.