Google has removed a fake Netflix app from the Play Store that aimed to spread malware by automatically replying to your WhatsApp messages.
Earlier this year, the security firm Check Point Research discovered that an app named FlixOnline was posing as Netflix and promising two months of free subscription through WhatsApp messages.
However, a link attached to these messages would redirect you to a website built to capture your details, including your credit card.
Here’s how the malware worked. Once you installed the FlixOnline app from the Play Store, it asked for three main types of permissions: screen overlay, battery optimization ignore, and notification. Researchers from Check Point noted that overlay is used by malware to create fake logins and steal user credentials by drawing fake windows on top of existing apps.
The app “listened” for notifications, and automatically replied to your WhatsApp chats with a message that looked like this:
“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw”.
The link, of course, was a phishing page to collect your information.
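For defenders triaging apps, the permission combination described above can be checked in a decoded AndroidManifest.xml. The sketch below is an added example, not code from Check Point or from the app; mapping the article's three permissions to these Android manifest entries is an assumption, and both sample manifests and their package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"

def triage_manifest(manifest_xml):
    """Report which of the three capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID + "name")
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for el in root.iter(tag)}
    # A notification listener is a <service> guarded by the bind permission
    # that also advertises the listener action in its intent filter.
    listeners = [svc.get(ANDROID + "name") for svc in root.iter("service")
                 if svc.get(ANDROID + "permission") == LISTENER_PERM
                 and any(a.get(ANDROID + "name") == LISTENER_ACTION
                         for a in svc.iter("action"))]
    result = {"overlay": OVERLAY in requested,
              "battery_optimization_ignore": BATTERY in requested,
              "notification_listeners": listeners}
    # One capability alone is common in legitimate apps; the combination is
    # what warrants a manual look.
    result["all_three"] = (result["overlay"]
                           and result["battery_optimization_ignore"]
                           and bool(listeners))
    return result

NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
# Constructed sample: hypothetical app declaring all three capabilities.
SUSPICIOUS = f"""<manifest {NS} package="com.example.freestream">
  <uses-permission android:name="{OVERLAY}"/>
  <uses-permission android:name="{BATTERY}"/>
  <application>
    <service android:name=".NotifyService" android:permission="{LISTENER_PERM}">
      <intent-filter><action android:name="{LISTENER_ACTION}"/></intent-filter>
    </service>
  </application>
</manifest>"""
# Constructed sample: hypothetical companion app with only a listener.
BENIGN = f"""<manifest {NS} package="com.example.watchsync">
  <application>
    <service android:name=".Sync" android:permission="{LISTENER_PERM}">
      <intent-filter><action android:name="{LISTENER_ACTION}"/></intent-filter>
    </service>
  </application>
</manifest>"""
```

A hit on all three is a reason for manual review, not a verdict; each capability on its own appears in many legitimate apps.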
Aviran Hazum, Manager of Mobile Intelligence at Check Point Software, said that this is a novel method of spreading malware, and while this app has been removed from the Play Store, it could return in another form:
“The malware’s method is new and modern, aiming to hijack users’ WhatsApp account by capturing notifications, together with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ through the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags. Although we stopped one campaign using this malware, the malware could return hidden in a different app.”
He added that this incident also points to limitations of the Play Store’s built-in protections, and Google couldn’t detect malware in this app through its automated tools. Notably, WhatsApp doesn’t have any vulnerability that enabled this.
Attackers making applications and websites that masquerade as Netflix isn’t a new trend. It was one of the most imitated brands for phishing attacks for Q1 2020.
The FlixOnline app was live for two months and had nearly 500 installs before Google removed it last month.