The Check Point Research team recently discovered new Android malware that lures users by promising them a free Netflix premium subscription. It poses as a legitimate streaming service called FlixOnline.
Before it was removed from the Play Store, it had been downloaded more than 500 times. Once installed, it seeks permissions that let it take control of WhatsApp on the infected device.
FlixOnline uses WhatsApp messages to spread itself: it is programmed to reply automatically to each incoming message from within the app, using a remote server.
FlixOnline is designed to monitor the owner's WhatsApp notifications so that it can send automatic replies to the owner's incoming messages, using content it receives from a remote command and control server. This enables phishing attacks and the spread of malicious files.
How it works
After installation, the malware requests a series of permissions that help its operators achieve their goal.
- It overlays other app windows to steal login credentials and other sensitive data.
- It prevents the infected Android device from shutting down the malware when power-saving mode is activated.
- It then gains permission to read and write notifications in order to control WhatsApp messages.
- Once that step is done, the threat actors can easily reply to incoming messages with content received from a remote command and control (C&C) server.
Here’s one of the responses used by the malware to lure users:
“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.”
The operators of FlixOnline can easily perform several malicious tasks, listed below:
- Spread the malware through malicious links.
- Steal users’ data from their respective WhatsApp accounts.
- Target the contacts and all the work-related groups present in the user's WhatsApp to spread malicious messages.
- Extort users by threatening to send their private data or chats to all their contacts.