WhatsApp-based wormable Android malware spotted on the Google Play Store (April 2021)

Cybersecurity researchers have discovered yet another piece of wormable Android malware, this time downloadable directly from the official Google Play Store, that's capable of propagating via WhatsApp messages.
Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a payload received from a command-and-control server.
Besides masquerading as a Netflix app, the malicious "FlixOnline" app also requests intrusive permissions that allow it to create fake login screens for other apps, with the goal of stealing credentials, and to gain access to all notifications received on the device, which it uses to hide WhatsApp notifications from the user and automatically reply with a specially crafted payload received from the C&C server.
A successful infection could allow the malware to spread further via malicious links, steal data from users' WhatsApp accounts, propagate malicious messages to users' WhatsApp contacts and groups, and even extort users by threatening to leak sensitive WhatsApp data or conversations.
FlixOnline also marks the second time a malicious app has been caught using WhatsApp to spread the malware.
"Although we stopped one campaign of the malware, the malware family is likely here to stay. The malware may return hidden in a different app."