Security News > 2021 > April > Fake Netflix App Luring Android Users to Malware
Researchers have discovered new Android malware that uses Netflix as its lure and spreads malware via auto-replies to received WhatsApp messages.
The discovery was reported to Google, and the malware - dubbed FlixOnline - has been removed from Google Play; but the researchers expect the methodology to return and be reused in other malware.
The researchers found the malware hidden in the FlixOnline app that claims to allow its users to view any Netflix content, anywhere in the world, free for two months on their mobiles.
The first is usually used to create fake login screens to steal user credentials; the second is used to prevent the malware being shut down automatically despite long idle periods; and the third - the most important - provides access to all notification messages received by the device with the ability to automatically dismiss or reply to those messages.
These permissions allow the hacker to spread further malware via malicious links, to steal data from WhatsApp accounts, and spread fake or malicious messages to the user's WhatsApp contacts, including work-related groups.
"The malware's technique is new and innovative," says Aviran Hazum, manager of Mobile Intelligence at Check Point Software, "Aiming to hijack users' WhatsApp account by capturing notifications, along with the ability to take predefined actions, like 'dismiss' or 'reply' via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store's protections raises some serious red flags. Although we stopped one campaign using this malware, the malware may return hidden in a different app."
News URL
Related news
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- Germany sinkholes BadBox malware pre-loaded on Android devices (source)