8 April 2021

Cybercriminals ride on Netflix, WhatsApp usage to deliver malware

Source: Check Point Research. The Google Play page for the FlixOnline app.

Cybercriminals have been caught sharing Android malware disguised as a Netflix content enabler app. According to Check Point Research (CPR), replies containing malware are automatically sent to incoming WhatsApp messages.

The original malware was found hidden in an app on Google Play named FlixOnline. While it claimed to allow users to view Netflix content from all around the world on their mobiles, it actually monitors the victim’s WhatsApp notifications, then sends automatic replies to their incoming messages using content that it receives from elsewhere.

The replies say: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.”

The link can be used to distribute phishing attacks, spread false information or steal credentials and data from users’ WhatsApp accounts, CPR warned.

In this case, CPR notified Google, which removed the app from the Play Store. It had been up for two months, and downloaded approximately 500 times.

The authors of the FlixOnline research, Aviran Hazum, Bogdan Melnykov and Israel Wenik of CPR, said that users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups.

CPR's tips to remain protected against mobile malware include:

- Updating the operating system regularly. Mobile devices should always be updated to the latest version of the OS to protect against the exploitation of privilege escalation vulnerabilities.

- Only installing apps from official app stores. This reduces the probability of an unintentional installation of mobile malware or a malicious application.

- Enabling ‘remote wipe’ capability on all mobile devices. All devices should have remote wipe enabled to minimise the probability of loss of sensitive data.

- Installing a security solution on the device.