An Android app that promised a free Netflix subscription and spread malicious content through WhatsApp messages was discovered by computer security experts.
The app called FlixOnline took on the Netflix guise and promised two months of free access to the streaming service, the Check Point Research company warned .
However, instead of providing access to Netflix, the app is designed to monitor WhatsApp notifications and send automatic responses to incoming messages by using content it receives from a command and control server.
The malware sends this message to victims: “2 months of free Netflix Premium at no cost FOR QUARANTINE REASON (CORONAVIRUS) * Get 2 months of Netflix Premium free anywhere in the world for 60 days.
According to Check Point Research, this method could allow a hacker to distribute phishing attacks , spread malware, spread false information, or steal users’ WhatsApp account data and credentials.
The company notified Google about the malicious app and the details of the investigation, for which it was removed from the Play Store.
How the app works
When the application is downloaded from the Play Store and installed, the malware starts a service that requests the permissions “Overlay”, “Ignore battery optimization” and “Notification”. These are the purposes of obtaining said permits:
- Overlay allows a malicious application to create new windows on top of other applications. It is usually requested by malware to create a fake “Login” screen for other applications in order to steal the victim’s credentials.
- Ignoring battery optimizations prevents malware from being shut down by the device’s battery optimization routine, even after it has been inactive for an extended period.
- The most prominent permission is access to notifications. When enabled, it provides access to all notifications related to messages sent to the device and the ability to perform actions such as “dismiss” and “reply.”