The Android operating system is once again the target of new malicious software (malware), this time designed to steal WhatsApp account credentials and credit card information. The alert was issued by the cybersecurity agency Check Point Research.
The threat presented itself as a Netflix application, more specifically as the FlixOnline service. It was available on the Google Play Store and deceived at least 500 users, who downloaded it to their Android devices.
The malware passed itself off as a Netflix application for Android
According to the cybersecurity agency, the malicious application was downloaded about 500 times from the Google Play Store in 2 months. After the discovery, Check Point alerted Google, which has since removed the app in question from its store.
The lure was tempting. Presenting itself as a Netflix service, “FlixOnline” promised unlimited access to the content of the famous streaming platform.
After installation, the malware spread via WhatsApp
Once downloaded, the malware spread via WhatsApp among the victim’s groups and contacts. These were the channels through which malicious links were automatically sent.
Although this campaign has been stopped, the Check Point Software researchers point out that the malware family is likely to be here to stay. In other words, this methodology will probably continue to be used.
There are at least 3 potential consequences of an Android smartphone infection
If successful, the attack allows the malicious actors behind it to:
- Disseminate malware through fraudulent links
- Steal credentials and data from users’ WhatsApp accounts
- Disseminate false or harmful messages among the victim’s contacts and WhatsApp groups – for example, work groups
The malware was built to be wormable, which means that it can spread from Android device to Android device as soon as a user clicks on the link sent and downloads the supposed application.
The deception relied on the fake “Netflix”
Check Point Software researchers reveal that the malware was hiding in a Google Play application called ‘FlixOnline’.
The app presented itself as a service that would allow users to watch Netflix content from different countries. In reality, it was built to monitor users’ WhatsApp notifications and send automatic responses to the messages received.
How the malware works:
- Victim installs malware through Google Play Store
- Malware starts monitoring WhatsApp notifications
- Malware responds to all WhatsApp messages received with a response previously prepared by the malicious agents
- In this specific campaign, the response led to a fake Netflix website that sought to obtain credentials and credit card information
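On Android, an app can only read other apps' notifications after the user grants it notification access, so auditing which packages hold that access is a direct check for the behaviour in the steps above. The following is an added example, not code from the article or from Check Point; the package names and the allowlist are constructed for illustration.

```python
import sys

# Constructed sample of the value printed by
#   adb shell settings get secure enabled_notification_listeners
# (colon-separated "package/class" components). All package names are made up.
SAMPLE = (
    "com.example.launcher/com.example.launcher.NotificationListener:"
    "com.example.flixstream/.NotifService:"
    "com.example.wearcompanion/.Listener"
)

# Hypothetical allowlist of packages expected to read notifications.
ALLOWED = {"com.example.launcher", "com.example.wearcompanion"}


def parse_listeners(raw):
    """Return (package, class) pairs; an unset setting prints 'null'."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs = []
    for component in raw.split(":"):
        package, sep, cls = component.strip().partition("/")
        if not sep or not package or not cls:
            continue  # skip malformed or empty entries
        if cls.startswith("."):  # short form is relative to the package
            cls = package + cls
        pairs.append((package, cls))
    return pairs


def unexpected_listeners(raw, allowed):
    """Packages holding notification access that are not on the allowlist."""
    return sorted({pkg for pkg, _ in parse_listeners(raw) if pkg not in allowed})


if __name__ == "__main__":
    # Pipe real adb output in, or run without a pipe to use the sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for pkg in unexpected_listeners(raw, ALLOWED):
        print("review notification access:", pkg)
```

Any package it reports, for instance a streaming app with no reason to read messages, should have its notification access revoked and be checked before it stays installed.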
The message sent:
The malware automatically replied to the messages received by the victim with the following: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS) * Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE.”
3 tips for Android users
- Scrutinize dubious app developers and reviews
- Download only from official sources such as the Google Play Store
- Keep your Android smartphone and its applications up to date
The cybersecurity company sent its findings to Google, which subsequently withdrew the app from the Play Store. Over the course of two months, “FlixOnline” was downloaded approximately 500 times. WhatsApp has also been alerted.
*The article has been translated based on the content of https://4gnews.pt/android-malware-disfarcado-de-netflix-espalhava-se-pelo-whatsapp/ by 4gnews.pt.