


Fake Netflix app spreading malware on Android phones — protect yourself now


A fake Netflix app was accepted into the Google Play app store, then used WhatsApp's auto-reply function to spread links to itself so that it might be installed on even more phones.

The app, called "FlixOnline," promised users it could connect them to Netflix streams from other countries, where different movies and TV shows might be available, as well as give you two free months of Netflix membership.


But the app really just monitored WhatsApp notifications and replied to WhatsApp messages, researchers from Israeli security firm Check Point said in a blog post and a research paper today (April 7).

There is no indication that WhatsApp itself was hacked, or that this exploited a vulnerability in WhatsApp. It's also not quite clear what the FlixOnline app did other than to promote itself.

Check Point said the FlixOnline app had the ability to, at least in theory, steal passwords or spread spam. The app did hide its icon after installation, a sign that it was up to no good.

How this worked, and what to do

If you have the FlixOnline app on your phone — it should appear in Settings > App Info — then you'll need to delete it right away. As ever, having one of the best Android antivirus apps installed will help you avoid infection.

To every incoming WhatsApp message on a user's phone, the FlixOnline app would automatically reply with a message promoting itself, along with a shortened link for the recipient of the message to tap on. (The malware itself was not spread via WhatsApp and hence not truly "wormable.") The link leads to a site called GetMyFlix-dot-com, which is now offline.

Check Point pointed out that the shortened link could have led anywhere or tried to install more malware that might steal your personal information or hijack your WhatsApp account. But there's no indication it actually did anything other than try to get you to download the FlixOnline app.

Not the first time we've had this dance

This malware attack is very similar to a scam we reported in March 2020, just as coronavirus lockdowns were put into effect in Europe and North America, that also used WhatsApp (as well as text messages) to spread messages about a phony service that got you 2 free months of Netflix.

Check Point noted that the FlixOnline app requested Overlay permissions, which could be used to create fake login screens to steal passwords, but which other apps — Facebook Messenger, to name one example — also use to post onscreen notifications. FlixOnline also uses the Notification permission to respond to incoming messages with automatic replies.
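The two permissions described above can be looked for in an app's decoded AndroidManifest.xml before it is installed or during triage. This is an added example, not code from Check Point or the original article; it assumes the "Overlay" and "Notification" permissions correspond to Android's SYSTEM_ALERT_WINDOW permission and a notification-listener service, the sample manifests and package names are constructed, and flagging only the pair together is this example's own choice.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
LISTENER_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"

# Constructed sample manifests (decoded XML form); package names are made up.
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.streamfree">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Watcher"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

def audit_manifest(xml_text):
    """Return findings for the overlay and notification-listener capabilities."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    listeners = []
    for svc in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        # A listener service is guarded by the BIND permission and declares the action.
        if svc.get(ANDROID_NS + "permission") == LISTENER_BIND and LISTENER_ACTION in actions:
            listeners.append(svc.get(ANDROID_NS + "name"))
    overlay = OVERLAY in requested
    return {
        "package": root.get("package"),
        "overlay": overlay,
        "notification_listeners": listeners,
        # Either capability alone is common; the pair together merits manual review.
        "review": overlay and bool(listeners),
    }

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(audit_manifest(sample))
```

Neither capability is malicious by itself, as the Facebook Messenger comparison above shows; the flag only marks an app for a closer look.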

"Theoretically," says the Check Point blog, "th[r]ough these auto-generated replies, a hacker can steal data, cause business interruptions on work related chat groups, and even extortion by sending sensitive data to all the users contacts."

So what's the danger?

We don't know whether the FlixOnline app actually did this. It's just as likely that it only showed ads to infected users. Check Point said that despite the aggressive WhatsApp promotion campaign, the FlixOnline app had been installed only about 500 times.

The app is no longer in the Google Play store, but it shouldn't have been in there at all. Limiting app downloads to Google Play is one of the core defenses Android has, and malicious apps in the store undermine the whole system.

Perhaps with so few users, there weren't enough complaints about this app for the Google Play store's managers to notice.

A WHOIS lookup of the WhatsApp link's destination domain, GetMyFlix[.]com, shows that it was registered in March 2020 by someone claiming to be in the remote Andaman and Nicobar Islands state of India.

The Internet Archive's Wayback Machine has several "captures" of the website dating from 2008 to 2014, when it seemed to encourage people to "borrow" rented DVDs from neighbors.

The Google Play page for FlixOnline, screenshotted by Check Point, claims to be developed by someone named "Jillian Sanchez."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/bogus-netflix-app-malware

Posted by: spearspaturs.blogspot.com
