Security researchers at Check Point Research recently discovered a new malware called FlixOnline on Google Play that masquerades as a free Netflix app. But in fact, it is intended for something else, namely to track user notifications in WhatsApp and send automatic replies to incoming messages using text from the server from which the application is remotely controlled.
The malware can spread through users’ WhatsApp messages with the following content:
“Get 2 months of Netflix Premium for free anywhere in the world for 60 days. You can get it here … “
When a user downloads an application to their device and grants it the appropriate permissions, it becomes active. Thus, the program allows cybercriminals to carry out phishing attacks, spread false information through private messages and in WhatsApp groups, steal logins, passwords and other user data.
Check Point Research has notified Google of the malicious application and provided data from its research. It was removed from Google Play shortly thereafter. FlixOnline was downloaded approximately 500 times in two months. The researchers note that this malware is distinguished by new methods of distribution and manipulation, which, unfortunately, will appear in other applications as well.