New malware impersonates Netflix and spreads via WhatsApp

Check Point discovered a new malware called FlixOnline in the Google Play store that impersonates the official Netflix app and supposedly allows users to view the content of the streaming service.

In two months, the FlixOnline app was downloaded approximately 500 times, and currently Google engineers have already removed the malware from the official app catalog.

“Check Point’s researchers discovered a new and innovative malicious threat on the Google Play app store which spreads itself via mobile users’ WhatsApp conversations, and can also send further malicious content via automated replies to incoming WhatsApp messages”, — researchers report.

Analysts say that once installed, the malware monitors users’ notifications on WhatsApp and sends automatic replies to incoming messages on their behalf.

Check Point experts warn that users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups.

Special text for such responses is downloaded from a remote server. Typically, it contains an offer of two months of free watching Netflix Premium from anywhere in the world.

Malware asks for the necessary permission to work.

malware impersonates Netflix

If successfully installed, the malware allows attackers to distribute malware, steal information and data from WhatsApp accounts, and distribute fake or malicious messages to WhatsApp contacts and groups.

FlixOnline is specially designed to spread between devices and is equipped with worm functionality. Malware is capable of switching from one device to another immediately after an Android user clicks on a link in a message.

“In this case, the attackers used a fairly new attack technique, as well as a technique for intercepting a connection with WhatsApp by hijacking notifications and the ability to perform predefined ‘reject’ or ‘reply’ actions. The fact that the malware was so easily disguised and ultimately bypassed the Play Store’s protection raises serious concerns”, — said Check Point Software Technologies.

By the way, as I told Long-fixed bugs are still dangerous for many popular applications from the Google Play Store.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *


Back to top button