Thursday, April 24, 2025

New Wormable Android Malware Disguised as a Netflix Tool Spreads Through WhatsApp Messages


The Check Point Research (CPR) team has recently discovered new Android malware that lures users by promising them a free Netflix Premium subscription.

The malware is an app called “FlixOnline” that poses as a legitimate version of the streaming service Netflix to trick users.

This malicious app was recently removed from the Play Store after being identified as Android malware. While it was available in the store, however, it was downloaded more than 500 times.


This newly discovered malware seeks to gain the necessary system permissions to steal sensitive data and take control of WhatsApp on the infected device.

FlixOnline uses WhatsApp messages to spread itself: it is programmed to reply automatically to every incoming message, with the replies driven by a remote server.

Attackers send phishing sites via WhatsApp

In fact, the malicious app, FlixOnline, is designed to monitor the owner’s WhatsApp notifications so that it can send automatic replies to the owner’s incoming messages, using content it receives from a remote command and control server.

This method allows the threat actors to distribute phishing sites, spread other malware or malicious files, spread fake news, and much more.

How does this malware work?

After installation, the malware requests a series of permissions that help its operators achieve their goal.

  • First, it overlays other app windows to steal login credentials and other sensitive data.
  • Next, it prevents the infected Android device from shutting down the malware when power-saving mode is activated.
  • Then it gains permission to read and write notifications in order to control WhatsApp messages.
  • With that done, the threat actors can easily reply to incoming messages with content the malware receives from a remote command and control (C&C) server.

Here is one of the responses used by the malware to lure users:

“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.” 

Replies are used by this malware for auto-spreading

The operator of FlixOnline can easily perform several malicious tasks, listed below:

  • Spread the malware through malicious links.
  • Steal users’ data from their respective WhatsApp accounts.
  • Target the contacts and all the work-related groups on the victim’s WhatsApp to spread malicious messages.
  • Extort users by threatening to send their private data or chats to all their contacts.

Apart from this, the cybersecurity firm Check Point has informed Google about this malware, and as a result Google has removed the malicious app.

Check Point has also informed Facebook, the developer of WhatsApp. No action has been taken there yet, since there are no vulnerabilities or flaws in the messaging service itself.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
