Beware of new virus spreading by exploiting the popularity of Netflix and WhatsApp: malware copies the apps' logos and steals victims' data
A new virus disguised as a service from popular streaming app Netflix is spreading through WhatsApp. The malware sends automated replies to messages on behalf of victims, so cyber criminals are able to steal their data and credentials.
Security firm Check Point Software Technologies has discovered a fake app called FlixOnline in the Google Play Store for Android devices: a fake service that promised users that they could view Netflix content from around the world directly on their smartphones. In reality, the app monitored WhatsApp notifications by sending automatic replies to messages and stealing victims' sensitive data, which was then passed on to cyber criminals. After the report, Google promptly removed the app from its Play Store, but in the meantime it had already been downloaded over 500 times. Here's how it works and how to defend against the virus.
FlixOnline: how the infected app works
The FlixOnline app was featured in Google's Play Store and promised users that they could view content from streaming platform Netflix on their smartphone anywhere in the world. However, security firm Check Point discovered that it was an Android malware, which once downloaded could monitor incoming notifications on the infected device and send automated responses to the hapless WhatsApp user's contacts.
Specifically, contacts received this dangerous message, "2 months of Netflix Premium free at no cost FOR QUARANTINE REASON (CORONA VIRUS) * Get 2 months of Netflix Premium free anywhere in the world for 60 days. Download it now HERE." Clicking the link, however, ended up in a phishing attack implemented through a remote command and control server. The infected app was being used to pull off phishing attacks, stealing sensitive data and credentials from unfortunate users, or to further spread malware and false information.
How to avoid the new virus via WhatsApp
The security firm promptly informed Google about the infected app, which was then quickly removed from the Play Store. In the two months that the FlixOnline app has been in the Play Store, it has been downloaded about 500 times. The advice for anyone who has downloaded it is therefore to delete it immediately and check that you have not been a victim of data or credential theft. The advice is, as usual, to rely only on the official apps for the enjoyment of streaming content, check the reviews and permissions that the app requires. If an app for streaming content requires access to features and components that are not essential for its use, it might be hiding malware.