A new day has arrived, and with it comes new malware designed to deceive Android smartphone users and steal their personal information without their knowledge. The malware, disguised as a Netflix app and found on the Google Play store, spreads via WhatsApp messages.
The fake application, called “FlixOnline” on Google Play, was built to monitor the user’s WhatsApp notifications and send automated replies to the user’s incoming messages using content received from a remote command and control (C&C) server.
According to the report, the FlixOnline app had a Netflix-like appearance to deceive users. Not only that, but it also promised users a free two-month subscription via WhatsApp messages.
The app that offered a free subscription shared a link that took users to a website that only collected their personal information, including credit card information. Many Android users mistook the fake app for Netflix and downloaded it.
The malware responds to its victims with the following message, luring them in with the promise of a free Netflix subscription:
“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.”
When the malware is downloaded and installed from the Play Store, it starts a service that requests the ‘Overlay,’ ‘Battery Optimization Ignore,’ and ‘Notification’ permissions.
If the permissions are granted, the malware is able to distribute its malicious payloads and send auto-generated replies to incoming WhatsApp messages using the payload obtained from the C&C server.
Users who have been infected with the malware can uninstall the application and update their passwords, according to Check Point researchers.
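The permission combination described above can be checked for when triaging an app. The following is an added example, not code from the report or from Check Point: it scans an Android manifest that has already been decoded to text XML and flags an app only when all three capabilities are declared together. The mapping from the article's short names to Android identifiers, the sample manifests, and the package names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Article's permission names -> Android manifest identifiers. The mapping is
# an assumption of this example; the article gives only the short names.
WATCHED = {
    "Overlay": "android.permission.SYSTEM_ALERT_WINDOW",
    "Battery Optimization Ignore":
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "Notification": "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}

def requested_capabilities(manifest_xml):
    """Return which of the three watched capabilities a manifest declares."""
    root = ET.fromstring(manifest_xml)
    declared = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        declared.update(e.get(ANDROID + "name") for e in root.iter(tag))
    # Notification access is declared on the <service> that binds the listener.
    declared.update(s.get(ANDROID + "permission") for s in root.iter("service"))
    return sorted(name for name, perm in WATCHED.items() if perm in declared)

def triage(manifest_xml):
    """Flag an app for manual review only when all three appear together."""
    found = requested_capabilities(manifest_xml)
    return {"capabilities": found, "flag": len(found) == len(WATCHED)}

# Constructed sample manifests (package names are placeholders).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freestreaming">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission
      android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.watchcompanion">
  <application>
    <service android:name=".Relay"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(xml))
```

A flag here is a prompt for manual review, since each of these permissions also has legitimate uses on its own.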