Malware that lived on Google Play, the official Android app store, spread to its victims via the WhatsApp instant messenger.
According to security company Check Point, FlixOnline, which Google has now removed from its store, promised unlimited entertainment worldwide and took advantage of Netflix's genuine logo.
After the user installed the app, it started watching for notifications from WhatsApp.
The malware responded to all WhatsApp messages the victim received by promising a free trial of Netflix, using corona quarantine as an excuse.
The message provided a link that led to a scam page posing as Netflix.
It phished for login information and credit card information.
The malware also stole data from victims' WhatsApp accounts.
The malware has now been removed from the Google Store, but Check Point fears it will return. Image: Check Point
Aviran Hazum, head of mobile intelligence at Check Point, sees hijacking a WhatsApp connection as a relatively new and inventive way to attack.
- The fact that the malware could be disguised so easily and bypassed the Play Store protections rings serious alarm bells, Hazum states in a press release.
The link in the WhatsApp messages was shortened.
This means that the real address, which is often impractically long, is replaced with a convenient short version, which can be done with services such as Bitly or TinyURL.
Many criminals work this way, because the destination of a shortened link cannot be deduced by looking at the link alone.
Indeed, the general guideline is that shortened links should not be opened if their origin is unknown.
On the phone, FlixOnline asked for permission to read incoming notifications.
Application permission requests should always be read carefully.
However, the situation is difficult for the average user, as sometimes even a suspicious permission can have an innocent explanation.
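For reviewers who vet apps before they reach users' phones, the notification permission described above can be checked in the app's manifest. The following is an added example, not code from the article or from Check Point; it assumes the manifest has already been decoded to text XML (for instance with apktool), uses Android's standard notification-listener identifiers, which the article does not name, and runs on a constructed sample manifest. A match is a prompt for manual review, since legitimate apps declare the same service.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
LISTENER_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"

# Constructed sample manifest (not taken from FlixOnline or any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.streaming">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Example Streaming">
    <service android:name=".PlaybackService"/>
    <service android:name=".NotifyWatcher"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def find_notification_listeners(manifest_xml):
    """Return fully qualified names of services that can read notifications."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    found = []
    for service in root.iter("service"):
        actions = {a.get(A + "name") for a in service.iter("action")}
        if (service.get(A + "permission") == LISTENER_PERMISSION
                and LISTENER_ACTION in actions):
            name = service.get(A + "name", "")
            # A leading dot means the name is relative to the package.
            found.append(package + name if name.startswith(".") else name)
    return found

def triage(manifest_xml):
    """One line per finding, for a human reviewer to follow up on."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    label = app.get(A + "label", "?") if app is not None else "?"
    return ["%s: service %s can read every incoming notification" % (label, n)
            for n in find_notification_listeners(manifest_xml)]

if __name__ == "__main__":
    for line in triage(SAMPLE_MANIFEST):
        print(line)
```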
The attack was given credibility by the fact that the scam message came from a familiar WhatsApp contact.
The malware was installed on only about 500 devices in two months, but Check Point considers it possible that it will reappear in the store hidden in another application.
Google Play apps should not be installed without first checking their background.
Before downloading, you might want to look at, among other things, when the app was released, the reviews it has received, the developer's previous apps, and any news coverage found by putting the app's name in a search engine.
In this case, for example, the name of the developer had nothing to do with Netflix.