Android malware can be dangerous in unexpected ways. The most recent example is a malicious app, discovered by Check Point Research on the Google Play Store, that is capable of spreading via WhatsApp conversations by auto-replying to contacts, further spreading the malware.
Disguised as an app called ‘FlixOnline’, it was, until recently, available on the Google Play Store. However, instead of bringing users Netflix content from all over the globe, the app’s code was designed to monitor the user’s WhatsApp notifications and to send automatic replies to the user’s incoming messages. This is done using a remote command and control (C&C) server.
Further, the malware tries to lure others through the user’s WhatsApp chats by sending messages that offer recipients 2 months of Netflix Premium for free.
“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE” is the template that the app sent as a reply to any incoming messages.
How the malware works
When installed, the FlixOnline malware starts a service that requests ‘Overlay’, ‘Battery Optimisation Ignore’ and ‘Notification’ permissions. The overlay permission is used to create new windows on top of other apps. The new windows are often designed to look like fake login pages, where users are nudged to enter their real credentials.
Notification access is used by the app to automatically perform designated actions such as “dismiss” and “reply” to messages received on the device. Meanwhile, the battery optimisation permissions are used to keep the app running, preventing Android from turning off the app, even when it has been idle for quite some time.
What can you do?
If you use FlixOnline or any other similar app, uninstall the application immediately and check your WhatsApp chats to see whether the app has already done some damage. For the best results, users can also reset their phones after first backing up all personal data. A reset should remove any malicious code or files still in your system.
In the future, remember to never fall for such fake apps. Any app that tries to provide you unofficial content for free could be trying to download malicious code onto your device. If an app or online service seems too good to be true, it probably is.