The malware in the fake Netflix application called FlixOnline spreads via WhatsApp.Although Google continues to fight malware on the Android platform, a new one is emerging every day.
Finally, Check Point Research researchers discovered that a fake Netflix app promised free access to Netflix content and spread over WhatsApp.
The application called FlixOnline, which has been available on the Google Play Store for a while, promises that users can watch Netflix content from all over the world. On the other hand, the app takes various permissions, stealing user data and easily spreading it to other users. It becomes more difficult to delete by hiding itself in the application launcher after the application obtains permissions.
The permissions the app requests include viewing above other apps, ignoring battery optimizations, and notification access. Appearing on top of other apps means the app can hide itself and display a fake login screen on top of other apps. In this way, after users enter their personal information, this information can be directed to attackers. In addition, ignoring battery optimizations causes the application to be unable to be closed in the background.
Finally, the notification access permission is potentially the most alarming. The application can collect information from the user’s notifications, including the messages they receive. In addition, the application can perform quick actions on these notifications, such as replying to messages on WhatsApp. When the affected user receives a notification from WhatsApp, the fake app hides it and sends a response promising 2 months of free Netflix access via a download link that also installs the malware on that device.
After Check Point Research reported the application to Google, it was removed from the FlixOnline application store. On the other hand, the application was downloaded by about 500 users within 2 months. Affected users are suggested to remove the app from their device settings and change their passwords.