Malware Is Spread Via WhatsApp By A Fake Netflix App On The Google Play Store

A new day has arrived, and with it comes new malware designed to deceive Android smartphone users and steal their personal information without their knowledge. Malware disguised as a Netflix app, which was found on the Google Play store, spreads via WhatsApp messages.

The malware, hidden in a fake application called “FlixOnline” on Google Play, was built to monitor the user’s WhatsApp notifications and send automated replies to the user’s incoming messages using content received from a remote command and control (C&C) server.

According to the report, the FlixOnline app had a Netflix-like appearance to deceive users. Not only that, but it also promised users two months of free subscription via WhatsApp messages.

The app that offered a free subscription shared a link that took users to a website whose only purpose was to collect their personal information, including credit card information. Many Android users mistook the fake app for Netflix and downloaded it.

The malware responds to its victims with the following message, luring them in with the promise of a free Netflix subscription:

“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.”

When the malware is downloaded and installed from the Play Store, it starts a service that requests the ‘Overlay,’ ‘Battery Optimization Ignore,’ and ‘Notification’ permissions.

If the permissions are granted, the malware will be able to distribute its malicious payloads and send out auto-generated replies to incoming WhatsApp messages using the payload obtained from the C&C server.
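A defender can look for this permission combination when reviewing an app's decoded manifest. The following is an added example, not code from the report or from Check Point: the mapping from the article's three labels to Android manifest names is an assumption, and both sample manifests and their package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: manifest names behind the article's three permission labels.
WATCHED = {
    "overlay": "android.permission.SYSTEM_ALERT_WINDOW",
    "battery_optimization_ignore":
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "notification": "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}

def triage(manifest_xml):
    """Report which watched capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # Notification access is declared on a <service> via android:permission,
    # not through <uses-permission>, so collect those values as well.
    names |= {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    found = sorted(label for label, perm in WATCHED.items() if perm in names)
    return {
        "package": root.get("package"),
        "found": found,
        "flag": len(found) == len(WATCHED),  # all three requested together
    }

# Constructed sample manifests (not taken from any real app).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
SUSPICIOUS = (_HEAD % "com.example.freestream") + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
BENIGN = (_HEAD % "com.example.notes") + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN):
        print(triage(sample))
```

A flagged manifest is a prompt for manual review rather than a verdict, since legitimate apps can request the same permissions.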

Users who have been infected with the malware can uninstall the application and update their passwords, according to Check Point researchers.

Apps Can No Longer See What’s Loaded On Smartphones, According To Google

Google announced a series of policy changes for applications distributed via the Play Store on April 4th, 2021. The most significant change is that most developers would be unable to see what Android applications are installed on a smartphone.

As part of Google’s ongoing efforts to limit the usage of high-risk or sensitive permissions, the company has added the QUERY_ALL_PACKAGES permission, which, according to the company, allows developers to see the inventory of installed apps on a given device.

These updates, according to Google, apply to all apps targeting Android API level 30 or later on devices running Android 11 or later. The new policy was expected to be implemented sooner, but due to the pandemic, it was postponed.

“Play regards the device inventory of installed apps queried from a user’s device as personal and sensitive information, and use of the permission is only permitted when your app’s core user-facing functionality or purpose, requires broad visibility into installed apps on the user’s device,” Google’s support page says.

After the change takes effect, apps can only use the permission if they need it for “core user-facing functionality or intent, which needs wide visibility into installed apps on the user’s computer.” File managers, antivirus apps, and banking apps, as well as other apps that deal with money, are on Google’s list of approved apps.

As a result, only a small number of apps will continue to use the permission to see other apps that have been installed. Device scanning, antivirus, file managers, and browsers are among them. Developers have been asked to “sufficiently explain why a less intrusive method of app visibility would not sufficiently allow the app’s policy compliant user facing core features.”

This update will take effect on May 5, 2021, and all applications submitted to the Google Play Store after that date must target Android 11 or higher. The policy’s primary goal is to protect users from misleading ads or other types of behavior that can occur when an external party has access to a device’s installed apps.

A similar and longer-standing developer policy had the same aim of allowing users to opt out of apps like Facebook communicating with apps on their mobile device.