Fake Netflix app spreading malware on Android phones — protect yourself now

A fake Netflix app was accepted into the Google Play app store, then used WhatsApp's auto-reply function to spread links to itself so that it might be installed on even more phones.
The app, called "FlixOnline," promised users it could connect them to Netflix streams from other countries, where different movies and TV shows might be available, as well as give you two free months of Netflix membership.
But the app actually only monitored WhatsApp notifications and replied to WhatsApp messages, researchers from Israeli security firm Check Point said in a blog post and a research paper today (April 7).
There is no indication that WhatsApp itself was hacked, or that this exploited a vulnerability in WhatsApp. It's also not quite clear what the FlixOnline app did other than to promote itself.
Check Point said the FlixOnline app had the ability to, at least in theory, steal passwords or spread spam. The app did hide its icon after installation, a sign that it was up to no good.
How this worked, and what to do
If you have the FlixOnline app on your phone — it should appear in Settings > App Info — then you'll need to delete it right away. As ever, having one of the best Android antivirus apps installed will help you avoid infection.
To every incoming WhatsApp message on a user's phone, the FlixOnline app would automatically reply with a message promoting itself, along with a shortened link for the recipient of the message to tap on. (The malware itself was not spread via WhatsApp and hence not truly "wormable.") The link leads to a site called GetMyFlix-dot-com, which is now offline.
Check Point pointed out that the shortened link could have led anywhere or tried to install more malware that might steal your personal data or hijack your WhatsApp account. But there's no indication it actually did anything other than try to get you to download the FlixOnline app.
Not the first time we've had this dance
This malware attack is very similar to a scam we reported in March 2020, just as coronavirus lockdowns were put into effect in Europe and North America, that also used WhatsApp (as well as text messages) to spread messages about a phony service that got you two free months of Netflix.
Check Point noted that the FlixOnline app requested Overlay permissions, which could be used to create fake login screens to steal passwords, but which other apps — Facebook Messenger, to name one instance — also use to post onscreen notifications. FlixOnline also uses the Notification permission to reply to incoming messages with automatic replies.
"Theoretically," says the Check Point blog, "th[r]ough these auto-generated replies, a hacker can steal data, cause business interruptions on work related chat groups, and even extortion by sending sensitive data to all the users contacts."
So what's the danger?
We don't know whether the FlixOnline app actually did this. It's just as likely that it just showed ads to infected users. Check Point said that despite the aggressive WhatsApp promotion campaign, the FlixOnline app had been installed only about 500 times.
The app is no longer in the Google Play store, but it shouldn't have been in there at all. Limiting app downloads to Google Play is one of the core defenses Android has, and malicious apps in the store undermine the whole system.
Maybe with so few users, there weren't enough complaints about this app for the Google Play store's managers to notice.
A WHOIS lookup of the WhatsApp link's destination domain, GetMyFlix[.]com, shows that it was registered in March 2020 by someone claiming to be in the remote Andaman and Nicobar Islands state of India.
The Internet Archive's Wayback Machine has several "captures" of the website dating from 2008 to 2014, when it seemed to encourage people to "borrow" rented DVDs from neighbors.
The Google Play page for FlixOnline, screenshotted by Check Point, claims to be developed by someone named "Jillian Sanchez."
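The Overlay and Notification permissions that Check Point highlighted are both declared in an app's manifest, so a decoded AndroidManifest.xml can be screened for them before an app is trusted. The following is an added example, not code from the article or from Check Point; the sample manifests and package names are constructed, and escalating only the combination of the two traits is an assumption made here because, as noted above, each one alone is used by legitimate apps.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
LISTENER_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"

def review_manifest(xml_text):
    """Return which of the two traits a decoded AndroidManifest.xml declares."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if OVERLAY in perms:
        findings.append("overlay")
    for svc in root.iter("service"):
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        # A notification listener is a service guarded by the bind permission
        # that also handles the NotificationListenerService action.
        if svc.get(ANDROID + "permission") == LISTENER_BIND and LISTENER_ACTION in actions:
            findings.append("notification-listener")
            break
    return findings

def needs_review(xml_text):
    # Each trait alone is common in legitimate apps (chat heads, wearables);
    # only the combination is escalated for manual review (assumed policy).
    return set(review_manifest(xml_text)) == {"overlay", "notification-listener"}

NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
# Constructed sample manifests; package names are hypothetical.
SAMPLE_STREAMING = f"""
<manifest {NS} package="com.example.freestreams">
  <uses-permission android:name="{OVERLAY}"/>
  <application>
    <service android:name=".Listener" android:permission="{LISTENER_BIND}">
      <intent-filter><action android:name="{LISTENER_ACTION}"/></intent-filter>
    </service>
  </application>
</manifest>"""
SAMPLE_CHAT = f"""
<manifest {NS} package="com.example.chat">
  <uses-permission android:name="{OVERLAY}"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("streaming", SAMPLE_STREAMING), ("chat", SAMPLE_CHAT)):
        print(name, review_manifest(xml), "review" if needs_review(xml) else "ok")
```

Hiding the launcher icon, as FlixOnline did after installation, happens at runtime and is not visible to this manifest check.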
Source: https://www.tomsguide.com/news/bogus-netflix-app-malware
Posted by: gaymanwholoney.blogspot.com