App that promises free Netflix on Android spreads malware via WhatsApp
A new malicious application called FlixOnline has been found inside the Google Play Store, promising free access to Netflix while infecting the Android smartphone or tablet. Once installed in the device, the malware uses the WhatsApp messenger to spread itself on other people’s devices by automatically responding to any incoming message.
App that promises free Netflix on Android spreads malware via WhatsApp (Image: Film Daily)
The alert was made by researchers from Check Point Research, who found FlixOnline saying it delivered two free months of the entire Netflix catalog. The supposed gift would be delivered because of the COVID-19 pandemic period we are experiencing. Once installed, the malicious application needs the user’s permission in order to take action and it does so quickly.
At the first moment after being granted access, the app hides the icon from the list of installed applications, making it difficult to remove the malware. The entire process of being camouflaged within Google’s mobile operating system is done with the help of a remote server, contacted periodically by FlixOnline.
Other commands are sent to the virus, which takes control of messages received by WhatsApp. Any contact or conversation happening at the moment will receive an automatic response in order to spread the malicious application on other devices. The researchers warn that other dangerous content may be sent in the same way, but do not specify what they are.
In order to not to alert the cell phone owner about the invasion and attack via automatic response conversation, the malware accesses notifications from the operating system and removes all that have just arrived while sending responses.
In addition to chatting with people, chat data within WhatsApp can also be accessed through the app. One of the possibilities of attack is extortion by threatening the owner of the device by sending all conversations and messenger data to all contacts on your list.
The researchers also noted the presence of a layer above all applications, presenting fake login screens for the malicious app to steal this information. To improve the attack, FlixOnline is able to ignore any measure to lower the device’s energy consumption, allowing it to never be closed by Android when it is not actively used by the user.
Check Point Research says it has warned Google about the problem and the search giant has already removed the app from the Play Store. Even with a very quick response, the consulting company claims to have noticed the number of 500 downloads inside the store during two months of availability of FlixOnline.
Anyway, it is always good to keep in mind that any promotion or alert about a free period for a streaming service is always disclosed by official means, such as the company’s account on social networks.
Currently Netflix does not offer any more period for tasting its catalog, but it already delivers some series for anyone to watch without finalizing the monthly payment for the chosen plan. Not even a streaming service account is required for this content, there is not a completely free Netflix yet.