An Android malware was discovered by researchers at threat intelligence firm Check Point Research as an app called FlixOnline on Google Play and is claimed to spread via WhatsApp conversations. The app pretended to allow users to view global Netflix content but it monitored the user’s WhatsApp notifications. A link attached to messages sent by the app redirect people to a site to just capture many details, including credit card. A message was like this: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw”.Researchers from Check Point noted that overlay is used by malware to create fake logins and steal user credentials by creating fake windows on top of existing apps.
Google pulled the app immediately from the Play store. It was downloaded hundreds of times. The “wormable” malware, which means that it can spread by itself, could spread further via malicious links and could even extort users by threatening to send sensitive WhatsApp data or conversations to all their contacts. The malware could return through another similar app in the future on Google Play. „Although we stopped one campaign of the malware, the malware family is likely here to stay. The malware may return hidden in a different app,” said Aviran Hazum, Manager of Mobile Intelligence at Check Point. The affected users must remove the malicious app from their device and change their passwords.