Fake Netflix app on Play Store caught hijacking WhatsApp sessions

Google has removed FlixOnline, a fake Netflix app that deployed wormable malware and targeted WhatsApp users in order to spread itself.

The primary aim of the new malware campaign, detected by Check Point Research (CPR), is to hijack WhatsApp chat sessions. In a rather innovative technique, the attackers use a new Android malware variant delivered to mobile phones through a fake Netflix app that was available on the Google Play Store.


The app lured users by promising free Netflix Premium subscriptions. However, the app deploys wormable mobile malware.


The app, called FlixOnline, was on the Google Play Store for about two months and was downloaded nearly 500 times before Google officially removed it. Researchers claim that the app focuses on targeting the WhatsApp application.


Malware Capabilities


Research revealed that the malware can capture WhatsApp notifications and take several predefined actions, such as Dismiss or Reply through the Notification Manager.


After FlixOnline is installed on a device, it asks for overlay permissions, which is a common trick to steal service credentials. It also asks for Battery Optimization Ignore, which prevents the device from automatically shutting down the software to save power.

Additionally, the app asks for notification permissions to access WhatsApp-related communications. According to researchers, it lures users by offering a free Netflix premium subscription for two months with this message.



“2 Months of Netflix Premium Free at no ..
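The three requests described under Malware Capabilities (overlay, battery-optimization exemption, notification access) can be checked for during app triage. The following is an added example, not code from the article or from Check Point Research: it scans a decoded AndroidManifest.xml for that combination, and the mapping to Android identifiers, the sample manifest and its package name are assumptions made here.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Capabilities named in the article, mapped to standard Android identifiers (assumed mapping).
USES_PERMISSION = {
    "overlay": "android.permission.SYSTEM_ALERT_WINDOW",
    "battery_exempt": "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
}
LISTENER_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"

# Constructed sample: a decoded (text) manifest with a hypothetical package name.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.streaming.promo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

def triage_manifest(manifest_xml):
    """Return the sorted capability labels (from the article) that the manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    found = {label for label, perm in USES_PERMISSION.items() if perm in requested}
    # Notification access is declared as a service guarded by the bind permission,
    # not as a <uses-permission> entry, so it needs a separate check.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") != LISTENER_BIND:
            continue
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        if LISTENER_ACTION in actions:
            found.add("notification_access")
    return sorted(found)

def is_suspicious(manifest_xml):
    """Flag for manual review only when all three capabilities appear together."""
    return len(triage_manifest(manifest_xml)) == 3

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST), is_suspicious(SAMPLE_MANIFEST))
```

Legitimate apps request each of these individually, so the combined flag is a prompt for review rather than a verdict.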