FlixOnline uses Netflix’s iconic “N” logo as well as artwork from Stranger Things and other Netflix exclusive shows to try to tempt Android smartphone and tablet owners into downloading the app.
Android users unfortunate enough to download FlixOnline will be asked to grant a dizzying number of permissions. This is pretty standard for all third-party Android apps downloaded from the Play Store, so might not raise any alarm bells. However, the permissions requested by FlixOnline are specifically to enable this malware-laced app to continue spreading using your WhatsApp conversations.
MORE LIKE THIS
WhatsApp ends one of the biggest nightmares when switching from iPhone
If the person clicks on the link they will either be asked to sign-in with their existing Netflix login (allowing the hackers to steal their email address and password combo – potentially unlocking dozens more of their online accounts) or, if they don’t already have an account, create a new one. If they decide to create a Netflix account when prompted, the hackers will steal their credit or debit card information. Either way, it’s really bad.
With the FlixOnline malware replying to every incoming messages, individual conversations and group chats could be quickly filled with these malicious links… especially if you’re not paying attention.
Security experts from Check Point have already reported the dangerous malware to Google, which has stripped the app from the Play Store. That’s great news as it means nobody else can download the app. However, Google doesn’t remove the apps already installed on Android devices across the world.
Since the malware seems to have been pretty effective, Check Point researchers believe that FlixOnline will set a trend that numerous apps will copy. That means anyone downloading from the Google Play Store will need to be more cautious than ever before. Check Point recommends users only download apps from trusted developers, always keep their devices running the latest operating system updates, and use a security solution to watch out for malware.
Aviran Hazum, Manager of Mobile Intelligence at Check Point Software said: “The malware’s technique is new and innovative, aiming to hijack users’ WhatsApp account by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags. Although we stopped one campaign using this malware, the malware may return hidden in a different app.
Over the course of two months, the FlixOnline app was downloaded approximately 500 times. As well as keeping Google in the loop, Check Point shared its research findings with WhatsApp, though there is no vulnerability on WhatsApp’s end. Instead, the malware uses the ability to reply to text messages from the notification shade.