Android malware can be dangerous in unexpected ways. The most recent example is a new malicious app that was available on the Google Play Store and was discovered by Check Point Research, This can spread through WhatsApp conversations and automatically reply to contacts, which further spreads the malware.
Disguised as an app called “FlixOnline”, the app was available in the Google Play Store until recently. Instead of making Netflix content available to users from around the world, the app’s code was designed to monitor the user’s WhatsApp notifications and send automatic replies to a user’s incoming messages. This is done via a Remote Command and Control (C&C) server.
In addition, the message tries to lure others through a user’s WhatsApp texts by displaying messages that offer recipients Netflix Premium for free for 2 months.
“2 months of Netflix Premium Free for free For reasons of quarantine (CORONA VIRUS) * Receive 2 months of Netflix Premium Free for 60 days worldwide for 60 days. Download HERE Now “is the template that the app sent in response to incoming messages.
How the malware works
The installed FlixOnline malware starts a service that requests the “Overlay”, “Ignore battery optimization” and “Notification” permissions. These are used to create new windows on top of other apps. The new windows often look like fake login pages asking users to provide authentic credentials.
Notification access is used by the app to automatically perform certain actions, such as “dismiss” and “reply” to messages received on the device. In the meantime, the battery optimization permissions are used to keep the app running and to prevent Android from turning off the app even if it has not been used for a long time.
What can you do?
If you’re using FlixOnline or any other similar app, uninstall the app immediately and check your WhatsApp chats to see if the app has already done any damage. Users can also reset their phones by backing up all personal information first for the best results. A reset should remove malicious code or files that are still on your system.
In the future, remember to never fall for such fake apps. Any app that tries to provide you with unofficial content for free may attempt to download malicious code onto your device. If an app or service online is too good to be true, it probably is.