Security News > 2021 > April > WhatsApp-based wormable Android malware spotted on the Google Play Store
Cybersecurity researchers have discovered yet another piece of wormable Android malware-but this time downloadable directly from the official Google Play Store-that's capable of propagating via WhatsApp messages.
Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a payload received from a command-and-control server.
Besides masquerading as a Netflix app, the malicious "FlixOnline" app also requests intrusive permissions that allow it to create fake Login screens for other apps, with the goal of stealing credentials and gain access to all notifications received on the device, using it to hide WhatsApp notifications from the user and automatically reply with a specially-crafted payload received from the C&C server.
A successful infection could allow the malware to spread further via malicious links, steal data from users' WhatsApp accounts, propagate malicious messages to users' WhatsApp contacts and groups, and even extort users by threatening to leak sensitive WhatsApp data or conversations.
FlixOnline also marks the second time a malicious app has been caught using WhatsApp to spread the malware.
"Although we stopped one campaign of the malware, the malware family is likely here to stay. The malware may return hidden in a different app."
News URL
Related news
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Google rejected 2.28 million risky Android apps from Play store in 2023 (source)
- Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials (source)
- Google's new AI search results promotes sites pushing malware, scams (source)
- Apps secretly turning devices into proxy network nodes removed from Google Play (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google rolls out new Find My Device network to Android devices (source)