FlixOnline uses WhatsApp to infect users |
A new type of Android malware has been discovered in an app called FlixOnline, available on the Google Play Store.
Distribute malware via automatic replies to WhatsApp messages sent to users, receiving malware from servers, and remote control commands.
Security researchers at Check Point said: This new and innovative threat could send more harmful content through an automatic response to incoming WhatsApp messages.
Hackers can use malware to spread phishing attacks, spread other malware, spread misinformation, or steal credentials and data from WhatsApp accounts and chats.
FlixOnline claims to be a service that allows users to stream Netflix content from all over the world through mobile devices.
The malware didn't take the promised action, but instead monitored WhatsApp notifications to send automatic replies and receive content from the server that controls it.
Through malicious messages sent to victims via automatic replies, users get two months of free premium Netflix content worldwide.
Check Point researchers said that when you download and install the FlixOnline app on your Android device, the service will start asking for permissions to overwrite and ignore battery optimization and notifications.
Once these permissions are obtained, malware can create new windows on top of other applications. Typically, these windows are fake login screens that other apps can use to steal login credentials.
Bypass battery optimization prevents malware blocking with device battery optimization measures, even when you're idle.
By accessing notifications, malware can access all notifications related to device messages and automatically reject and reply to messages on the device.
With these permissions, the malware has everything you need to spread malicious data and respond to incoming WhatsApp messages.
Check Point said it has reported Google responsibly about the program and its searches, and Google has removed the app from the store. However, the app has been in use for 2 months and has been downloaded 500 times.