A new type of Android malware has been discovered, which already exists as an application on Google Play and is allegedly spread through WhatsApp conversations. This application, called FlixOnline, pretends to allow users to view global Netflix content. However, it is designed to monitor users’ WhatsApp notifications and use the content it receives from hackers to send automatic replies to their incoming messages. After getting in touch with Google, Google immediately withdrew the app from the Play Store. However, it had been downloaded hundreds of times before being deleted.
Researchers from the threat intelligence company Check Point Research discovered the FlixOnline application on Google Play. The researchers said in the press release that after downloading and installing the app from the Play Store, potential malware will launch a service requesting “overwrite”, “battery optimization ignore” and “notify” permissions.
It is believed that the purpose of obtaining these permissions is to allow malicious applications to create new windows on top of other applications, prevent malicious software from being closed by the device’s battery optimization routines, and gain access to all notifications.
The FlixOnline application does not enable any legal services, but monitors users’ WhatsApp notifications and sends automatic reply messages to all WhatsApp conversations to trick victims into free access to Netflix. The message also contains a link that may allow hackers to obtain user information.
This “wormable” malware can propagate itself, can spread further through malicious links, and can even threaten to send sensitive WhatsApp data or conversations to all its contacts, thereby further blackmailing users.
Check Point Research has notified Google about the existence of the FlixOnline application and its research details. After Google received the detailed information, it quickly deleted it from the Play Store. However, the researchers found that the app had been downloaded nearly 500 times in the two months before it went offline.
The researchers also believe that although the specific application in question has been removed from Google Play after the report, the malware may return through another similar application in the future.
“The fact that it is easy to disguise malware and eventually bypass the protection of the Play Store raises some serious red flags. Although we stopped an attack on this malware, the malware family will most likely remain. Check Avran Hazum, Point’s mobile intelligence manager, said in a prepared offer that the malware may be hidden in other applications.
It is recommended that affected users remove malicious applications from their devices and change their passwords.
It is important to note that although the malware variants provided by the FlixOnline app are designed to spread via WhatsApp, the instant messaging app does not contain any specific vulnerabilities that allow malicious content to spread. On the contrary, the researchers found that despite the use of automated tools and pre-installed protection features (including Play Protect), Google Play does not seem to restrict access to applications at first glance.
What is the best phone under Rs. Now there are 15,000 in India? We discussed it on the gadget 360 podcast Orbital. Later (from 27:54), we talked with Neil Pagedar and Pooja Shetty, the creators of OK Computer. Orbital is available for Apple Podcast, Google Podcast, Spotify and wherever you get podcasts.