Fake Netflix App Luring Android Users to Malware (Security News, April 2021)

Researchers have discovered new Android malware that uses Netflix as its lure and spreads malware via auto-replies to received WhatsApp messages.
The discovery was reported to Google, and the malware - dubbed FlixOnline - has been removed from Google Play; but the researchers expect the methodology to return and be reused in other malware.
The researchers found the malware hidden in the FlixOnline app that claims to allow its users to view any Netflix content, anywhere in the world, free for two months on their mobiles.
The app requests three permissions. The first is usually used to create fake login screens to steal user credentials; the second is used to prevent the malware from being shut down automatically despite long idle periods; and the third - the most important - provides access to all notification messages received by the device, with the ability to automatically dismiss or reply to those messages.
These permissions allow the hacker to spread further malware via malicious links, to steal data from WhatsApp accounts, and spread fake or malicious messages to the user's WhatsApp contacts, including work-related groups.
"The malware's technique is new and innovative," says Aviran Hazum, manager of Mobile Intelligence at Check Point Software, "Aiming to hijack users' WhatsApp account by capturing notifications, along with the ability to take predefined actions, like 'dismiss' or 'reply' via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store's protections raises some serious red flags. Although we stopped one campaign using this malware, the malware may return hidden in a different app."