Check Point discovered a new malware called FlixOnline in the Google Play store that impersonates the official Netflix app and supposedly allows users to view the content of the streaming service.
In two months, the FlixOnline app was downloaded approximately 500 times, and currently Google engineers have already removed the malware from the official app catalog.
“Check Point’s researchers discovered a new and innovative malicious threat on the Google Play app store which spreads itself via mobile users’ WhatsApp conversations, and can also send further malicious content via automated replies to incoming WhatsApp messages”, — researchers report.
Analysts say that once installed, the malware monitors users’ notifications on WhatsApp and sends automatic replies to incoming messages on their behalf.
Check Point experts warn that users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups.
Special text for such responses is downloaded from a remote server. Typically, it contains an offer of two months of free watching Netflix Premium from anywhere in the world.
Malware asks for the necessary permission to work.
If successfully installed, the malware allows attackers to distribute malware, steal information and data from WhatsApp accounts, and distribute fake or malicious messages to WhatsApp contacts and groups.
FlixOnline is specially designed to spread between devices and is equipped with worm functionality. Malware is capable of switching from one device to another immediately after an Android user clicks on a link in a message.
“In this case, the attackers used a fairly new attack technique, as well as a technique for intercepting a connection with WhatsApp by hijacking notifications and the ability to perform predefined ‘reject’ or ‘reply’ actions. The fact that the malware was so easily disguised and ultimately bypassed the Play Store’s protection raises serious concerns”, — said Check Point Software Technologies.
By the way, as I told Long-fixed bugs are still dangerous for many popular applications from the Google Play Store.
![Attackers took control over Perl[.]com](https://i0.wp.com/virus-removal.info/wp-content/uploads/2021/03/perl.jpg?resize=220%2C150&ssl=1)