A fake Netflix app on the Google Play Store was designed to spread malware by automatically responding to WhatsApp messages. Google has since taken down the app, which went by the name FlixOnline.
According to the security firm Check Point Research, the FlixOnline app sported a Netflix-like look to trick users. It also promised users two months of free subscription through WhatsApp messages.
The message offering the free subscription included a link that redirected users to a website built only to capture their personal data, including credit card details. Many Android users downloaded the fake app, confusing it with Netflix.
According to the experts, by replying to incoming WhatsApp messages, this method could enable a hacker to distribute phishing attacks, spread further malware or false information, or steal credentials and data from users' WhatsApp accounts and conversations.
The FlixOnline app was available for nearly two months with around 500 installs before Google removed it last month.
Here's how it worked
Once the FlixOnline app was installed on an Android smartphone from the Play Store, it asked for three permissions: screen overlay, battery optimization ignore, and notification.
Once these permissions were granted, the malware had everything it needed to start distributing its malicious payloads and responding to incoming WhatsApp messages with auto-generated replies.
Check Point researchers stated that malware uses overlay to steal user credentials by creating fake login windows on top of existing apps.
The FlixOnline app then 'listened' for notifications and automatically responded to WhatsApp chats with a message.
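For app reviewers and mobile security teams, the three permissions described above can be checked together in an app's manifest. The following is an added example, not code from Check Point or from this article: it assumes a manifest already decoded to XML (for instance with apktool), the mapping of the three permissions to Android identifiers is the editor's, and the sample manifest and package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Editor's mapping of the article's three permissions to Android identifiers.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample: decoded AndroidManifest.xml of a hypothetical app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freestream">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission
      android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""


def risky_capabilities(manifest_xml):
    """Return which of the three capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    found = set()
    if OVERLAY in requested:
        found.add("overlay")
    if BATTERY in requested:
        found.add("ignore_battery_optimization")
    # A notification listener is a <service> guarded by the bind permission,
    # not a <uses-permission> entry, so it needs a separate check.
    if any(s.get(ANDROID_NS + "permission") == NOTIF_LISTENER
           for s in root.iter("service")):
        found.add("notification_listener")
    return found


def triage(manifest_xml):
    """Flag for manual review only when all three capabilities appear together."""
    found = risky_capabilities(manifest_xml)
    return {"found": sorted(found), "review": len(found) == 3}


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

Each of these capabilities has legitimate uses on its own, so the check flags only the combination, and a flagged app still needs manual review.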
Precautions
The incident highlights that users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups.