Android malware using fake app to spread whatsapp discovered on Google Play

A new Android malware has been discovered that exists as an app on Google Play and is claimed to have spread through WhatsApp conversation. Called FlixOnline, the app pretended to allow users to watch global Netflix content. However, it was designed to monitor the user’s WhatsApp notifications and send automated replies to their incoming messages along with the content received from the hacker. After the company was out, Google immediately pulled the app from the Play Store. However, it was downloaded hundreds of times before it was removed.

Researchers at the intelligence firm Firm Point Research discovered the FlixOnline app on Google Play. When the app is downloaded and installed from the Play Store, the underlying malware starts a service that requests “overlay,” “battery optimization ignor,” and “notification” permissions, the researchers said in a press note.

The purpose of gaining those permissions is believed to allow malicious apps to create new windows on top of other apps, prevent malware from being shut down by the device’s battery optimization routine, and gain access to all information is.

Instead of enabling any legitimate service, the FlixOnline app monitors a user’s WhatsApp notifications and sends an auto-reply message to all WhatsApp conversations that entice victims with free access to Netflix. There is also a link in the message that may allow hackers to obtain user information.

“Malleable” malware, which means that it can spread on its own, can be spread further through malicious links and also remove users by threatening to send sensitive WhatsApp data or conversations to all their contacts.

Check Point Research informed Google about the existence of the FlixOnline app and details of its research. Google quickly removed the app from the Play Store upon receiving the details. However, the researchers found that the app was downloaded about 500 times over the course of two months before going offline.

Researchers also believe that when the particular application was removed from Google Play in the report, it was reported that malware could be returned via other similar apps in the future.

“The fact that malware was so easily disguised and eventually some serious red flags were raised, bypassing the security of the Play Store. Although we have stopped a malware campaign, the malware family is likely to live here. Malware can be hidden in a different app, ”said Aviran Hazoom, Manager of Mobile Intelligence at Check Point, in a prepared quote.

Affected users are advised to remove malicious applications from their device and change their passwords.

It is important to note that while the malware variants available through the FlixOnline app were designed to spread through WhatsApp, the Instant Messaging app does not include any special flaws that allow the circulation of malicious content. Instead, the researchers found that it was Google Play that was not able to restrict access to the app at first glance – despite using a mix of automated devices and preloaded security including Play Protect.


What is the best phone under Rs. 15,000 in India right now? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 27:54), we talk to OK computer creators Neil Peder and Pooja Shetty. Orbital is available on Apple Podcast, Google Podcast, Spotify, and wherever you find your podcast.

.

LEAVE A REPLY

Please enter your comment!
Please enter your name here