Check Point Research team has recently discovered a new Android malware that tricks the users into promising to provide them Netflix premium subscription for free. Posing itself as a legitimate streaming service known to be FlixOnline

Before getting removed from Playstore it’s been downloaded more than 500 times , once installed seeks to gain permission to take control of WhatsApp of infected device

FlixOnline uses the WhatsApp messages to spread itself, and it’s programmed in such a way, that it replies to each incoming messages automatically from the app itself through a remote server.

Whatsapp Phised.

FlixOneline is basically designed to monitor the owner’s WhatsApp notifications, so, that they can send automatic replies to the owner’s incoming messages, using the content it receives through a remote command and control server. Allowing Phishing attack and spread malicious files

How it works ?

After installation, this malware requests a series of permissions that helps the operators of this malware to achieve their goal.

  • It overlays on other app windows to steal login credentials and other sensitive data.
  • When the power saving mode is activated it prevents the infected Android device from shutting down the malware.
  • Then it gains permission to the reading and writing of notifications to control the WhatsApp messages.
  • Once done the above step, now the threat actors can easily reply to incoming messages with content it receives from a remote command and control (C&C) server.

Here’s one of the responses used by the malware to lure the users:-

“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit%5B.%5Dly/3bDmzUw.”

Auto-spreading techniques

The operator of this malware, FlixOnline can easily perform several malicious tasks, and here they are mentioned below:-

  • Spread the malware through malicious links.
  • Steal users’ data from their respective WhatsApp accounts.
  • Target the contacts and all the work-related groups present on your WhatsApp to spread malicious messages.
  • Extort the users by threatening them to send their private data or chats to all their contacts.