Fake Netflix App Luring Android Users to Malware

Researchers Flag ‘FlixOnline’ as a Malicious Android Play Store App That Combines Social Engineering With WhatsApp Auto-Replies to Propagate


Researchers have discovered new Android malware that uses Netflix as its lure and propagates via auto-replies to received WhatsApp messages.


The discovery was reported to Google, and the malware – dubbed FlixOnline – has been removed from Google Play; but the researchers expect the methodology to return and be reused in other malware.


FlixOnline combines the popularity of Netflix, the traditional social engineering trigger of greed (Netflix for free!), and the current pandemic (to provide a reason for the offer), to attract its victims. 


“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE [malicious domain redacted].”


The researchers found the malware hidden in the FlixOnline app that claims to allow its users to view any Netflix content, anywhere in the world, free for two months on their mobiles. But, the researchers warn, “instead of allowing the mobile user to view Netflix content, the application is actually designed to monitor the user’s WhatsApp notifications, and to send automatic replies to the user’s incoming messages using content that it receives from a remote command and control (C&C) server.”


Once installed on a victim’s device, the malware starts a service that requests ‘Overlay’, ‘Battery Optimization Ignore’, and ‘Notification’ permissions. The first is usually used to create fake login screens to steal user credentials; the second is used to prevent the malware being shut down automatically despite long idle periods; and the third – the most important – p ..
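For triage of a suspect APK, the three permissions named above can be checked in a decoded AndroidManifest.xml. The Python below is an added example, not code from the article or the researchers. The mapping of the article's permission names to Android identifiers is an assumption, and the sample manifest and package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the article's permission names to Android identifiers.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
NOTIF_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample manifest (hypothetical package), not taken from the real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.streaming.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".NotifService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Report which of the three capabilities a decoded manifest declares."""
    # For manifests from untrusted APKs, a hardened parser such as defusedxml is preferable.
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {e.get(ANDROID_NS + "name") for e in root.iter(tag)}
    # Notification access is not a uses-permission entry: it shows up as a
    # service that is guarded by the notification-listener bind permission.
    listeners = [s.get(ANDROID_NS + "name") for s in root.iter("service")
                 if s.get(ANDROID_NS + "permission") == NOTIF_BIND]
    findings = {
        "overlay": OVERLAY in requested,
        "ignore_battery_optimization": BATTERY in requested,
        "notification_listener": bool(listeners),
    }
    findings["all_three"] = all(findings.values())
    findings["listener_services"] = listeners
    return findings


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Each capability has legitimate uses on its own; the combination in an app whose stated purpose needs none of them is what merits a closer look.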
