New malware of Android has been discovered as an app on Google Play and is said to be being distributed via WhatsApp chats. Called FlixOnline, the app pretends to allow users to view Netflix content worldwide. However, it is designed to monitor WhatsApp user notifications and send automatic responses to their incoming messages and content from hackers.
Google immediately pulled the app out of the Play Store after the company was found. However, it has been downloaded hundreds of times before it was removed.
Investigators at the threatening spy company Check Point Research have found the FlixOnline app on Google Play. When the app is downloaded from the Google Play Store and installed, the basic malware launches an application requesting “Overlay,” “Battery Optimization Ignore,” and “Notifications”, the researchers said in a press release.
The purpose of obtaining such permissions is believed to be that it allows malicious applications to make new windows on top of other applications, stop malware from shutting down device battery usage, and access all notifications.
Instead of enabling any official service, the FlixOnline app monitors WhatsApp user notifications and sends an automatic reply to all WhatsApp conversations that attract victims with free access to Netflix. The message also contains a link that could allow hackers to access user information.
The “worm” malware, which means it can spread on its own, can continue to spread through malicious links and can deceive users by threatening to send sensitive WhatsApp data or conversations to all your contacts.
Check Point Research has notified Google of the availability of the FlixOnline app and its research data. Google immediately removed the app from the Google Play Store when it received the information. However, researchers found that the app was downloaded about 500 times in two months, before it became offline.
Investigators also believe that while the specific app in question will be removed from Google Play after it has been reported, malware may return with another similar application in the future.
“The fact that malware can be easily hidden and ultimately violates the Play Store’s protection raises serious red flags. Although we have stopped one malware campaign, the malware family may remain here.
Malware can come back hidden in a different application, ”said Aviran Hazum, Check Point’s Mobile Intelligence Manager, quoting prepared questions.
Affected users are advised to remove the malicious application from their device and change their passwords.
It is important to note that while the alternative malware available through the FlixOnline app was designed to spread via WhatsApp, the instant messaging app does not include anything that allows the distribution of malicious content.
Instead, researchers found that it was Google Play that did not limit access to the app at first glance – despite the use of a combination of default tools and pre-loaded protections including Play Protect.