Free Netflix App Will Hack Your WhatsApp, Steal Your Private Chats, Images, Notifications: Don’t Do This
A fake Netflix app has been found on Google Play, which is spreading malware through WhatsApp messages.
Researchers from Check Point Research have detected this fake Netflix application.
Read on to find out how this fake app spreads malware, and how to be safe from it.
Fake Netflix App Spreading Malware Through WhatsApp Messages
This app is named “FlixOnline” and its logo is similar to that of the Netflix app. It reportedly monitors the user’s WhatsApp notifications and is also designed to send automatic replies to incoming messages on the user’s phone. The application sends these replies based on content that it receives from a remote command and control (C&C) server.
Check Point Research has already notified Google about this application and it has been removed from the Play Store.
However, before being removed, the application had been downloaded 500 times over 2 months.
Check Point has also warned users to be aware of download links or attachments that they receive via WhatsApp or other messaging apps. Infected users have been asked to remove this application from their device and to modify their passwords to ensure safety.
Fake Netflix App: Here’s How The Malware Works
Hackers are also able to distribute phishing attacks, spread false information, and steal credentials and data from users’ WhatsApp accounts.
The malware sends a message to the victims, “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.”
When the fake application is downloaded by the victim from the Play Store, the malware asks for several permissions, each for a different reason. For example, if it is given the ‘Overlay’ permission, the malware can create new windows on top of other applications.
As per Check Point, the malware asks for this permission to create a fake “Login” screen for other apps. This helps the malware to steal the credentials of other victims as well.
Also, with the ‘Ignore Battery Optimizations’ permission, the malware is not shut down by the device’s battery optimization routine. This holds even if the malware is idle for an extended period.
Once the malware receives all the permissions, it displays a landing page that is received from the server and also hides its icon so that the malware isn’t removed easily.
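For defenders reviewing an app before install or during triage, the permission combination described above can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from Check Point or from the article; the mapping of the article's behaviours to Android permission names is this example's assumption, and both manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Assumed mapping of the article's behaviours to Android permissions:
# overlay windows, surviving battery optimization, reading notifications.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

def audit_manifest(xml_text):
    """Flag the overlay + battery-exemption + notification-listener combination."""
    root = ET.fromstring(xml_text)
    requested = {e.get(NAME) for e in root.iter("uses-permission")}
    # A notification listener is a <service> guarded by the BIND permission.
    listeners = [s.get(NAME) for s in root.iter("service")
                 if s.get(PERMISSION) == NOTIF_LISTENER]
    findings = {
        "overlay": OVERLAY in requested,
        "ignore_battery_optimizations": BATTERY in requested,
        "notification_listener": bool(listeners),
    }
    return {"package": root.get("package"), "findings": findings,
            "listener_services": listeners,
            "matches_profile": all(findings.values())}

# Constructed sample manifests (not taken from any real app).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freestream">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Watcher"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chatheads">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN):
        print(audit_manifest(sample))
```

Each permission has legitimate uses on its own, so a match is a prompt for closer review of the app, not proof that it is malicious.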