Android Malware Using Fake App to Spread Via WhatsApp Discovered on Google Play: Check Point Research

Must read

How to disable and delete Samsung Pay from your Galaxy phone

When it comes to paying conveniently, Samsung Pay makes using your phone as a bank card an easy process; however, there may come...

Samsung Galaxy S20 FE 5G Update Brings Fix for Touchscreen Issues, April 2021 Android Security Patch: Report

Samsung Galaxy S20 FE 5G is getting a new update aimed at fixing a long-standing touchscreen issue in the phone. This is one...

How to Hack the Hidden Google Chrome Dinosaur Game

Most of us have seen the dreaded “No Internet” error message on Google Chrome. You can actually turn this screen into a fun,...

How to put a tiger in your bedroom

What’s better than a picture of a tiger? A 3D animal, of course. At least, that’s the idea behind Google AR animals, which...
Bhawani Singhhttps://techmepro.com
I am a blogger who believes in delivering latest tech news from around the world to my viewers.

A new Android malware has been discovered that existed as an app on Google Play and is claimed to spread via WhatsApp conversations. Called FlixOnline, the app pretended to allow users to view global Netflix content. It was, however, designed to monitor the user’s WhatsApp notifications and send automatic replies to their incoming messages with the content it receives from the hacker. Google pulled the app immediately from the Play store after the company was reached out to. However, it was downloaded hundreds of times before it got removed.

Researchers at threat intelligence firm Check Point Research discovered the FlixOnline app on Google Play. When the app is downloaded from the Play store and installed, the underlying malware starts a service that requests “Overlay,” “Battery Optimisation Ignore,” and “Notification” permissions, the researchers said in a press note.


The purpose of obtaining those permissions is believed to allow the malicious app to create new windows on top of other apps, stop the malware from being shut down by the device’s battery optimisation routine, and gain access to all notifications.

Instead of enabling any legitimate service, the FlixOnline app monitors the user’s WhatsApp notifications and sends an auto-reply message to all WhatsApp conversations that lures victims with free access to Netflix. The message also contains a link that could allow hackers to gain user information.

The “wormable” malware, which means that it can spread by itself, could spread further via malicious links and could even extort users by threatening to send sensitive WhatsApp data or conversations to all their contacts.


Check Point Research notified Google about the existence of the FlixOnline app and the details of its research. Google quickly removed the app from the Play store upon receiving the details. However, the researchers found that the app was downloaded nearly 500 times over the course of two months, before it went offline.

The researchers also believe that while the particular app in question was removed from Google Play after it was reported, the malware could return through another similar app in the future.

“The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags. Although we stopped one campaign of the malware, the malware family is likely here to stay. The malware may return hidden in a different app,” said Aviran Hazum, Manager of Mobile Intelligence at Check Point, in a prepared quote.

The affected users are advised to remove the malicious app from their device and change their passwords.

It is important to note while the malware variant available through the FlixOnline app was designed to spread via WhatsApp, the instant messaging app doesn’t include any particular loophole that allowed the circulation of malicious content. Instead, the researchers found that it was Google Play that wasn’t able to restrict access to the app at first glance — despite using a mix of automated tools and preloaded protections including Play Protect.


What is the best phone under Rs. 15,000 in India right now? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 27:54), we speak to OK Computer creators Neil Pagedar and Pooja Shetty. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.

Source link

More articles

Leave a Reply

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

- Advertisement -

Latest article

Oppo A54 India Launch Today: Expected Price, Specifications, and Everything Else You Need to Know

Oppo A54 is all set to launch in India today. The phone was unveiled in Indonesia last month and it comes with a...

Google One adds ‘Block internet if VPN disconnects’ setting

At the end of last year, Google One added a VPN on higher-tier plans to help build out the subscription offering. Still only...

‘The Falcon And The Winter Soldier’ Episode 5 Digs Deeper Into What It Means For A Black Man To Be Captain America

Disclaimer: This articles contains spoilers from 'The Falcon and the Winter Soldier' episode 5. After last week's episode of The Falcon...

New Study Reveals Climate Change Is Making Indian Monsoon Seasons More Chaotic!

Researchers have found out that climate change is making India's monsoon a lot more powerful and could lead to scary consequences...
- Advertisement -