FlixOnline Poses as a Legitimate app and is Stealing WhatsApp Conversation

A new variant of Android has been detected lurking in the internet. This malware is luring mobile
users by promising free subscription of Netflix. This malware is names FlixOnline and it poses a very
legitimate Netflix Application.
What happened?
This fraudulent application lured the targets by offering them fake free subscription of premium
Netflix for two months. The reality of the app is that it has the ability to spy and monitor the
WhatsApp account of the users.
The Check Point Research team has detected this wormable app in the Google Play store. Once the
user installs this app, it asks for different types of permissions along Battery Optimization Ignore,
which ignores the battery optimization techniques of the mobile device and does not let it terminate
the software to save power.
This app can teal WhatsApp conversation data, spread false information by auto replying to
incoming messages with malicious content through 1 messaging services. These responses may
contain promotion and a link to a fake Netflix website which may ask for credit card credentials.
This app also asks for permission of accessing the notification related to WhatsApp and gains the
ability to dismiss or reply to WhatsApp messages.
Some Additional Insights-
FlixOnline is not the only malicious app that disguises as a utility app and lure the users-
 Spyware was found a week ago to be pretending as a System Update and it had the ability to
record audio, take control over the camera and take photo and video, access the messages
sent or received over WhatsApp, etc.
 Last month, researchers discovered a Clast82 dropper that was spreading through
application in the Google Play Store.
Conclusion-
Self-spread android malware makes it increasingly important that we be careful while opening any
link received through WhatsApp or any messaging app, not download and install any app from any
unknown source. Experts recommends that we ignore or delete messages from unknown sender.

Leave a Reply