Tuesday, December 3, 2024
HomeAndroidNew Wormable Android Malware Disguised as a Netflix Tool Spreads Through WhatsApp...

New Wormable Android Malware Disguised as a Netflix Tool Spreads Through WhatsApp Messages

Published on

SIEM as a Service

Check Point Research (CPR) team has recently discovered a new Android malware that tricks the users into promising to provide them Netflix premium subscription for free. 

The malware that is in question is basically an app that is known as “FlixOnline,” and posing itself as a legitimate version of the streaming service, Netflix to trick the users.

This malicious app was recently removed from the Play Store after being identified as Android malware. But, when it was available in the store, it was downloaded more than 500 times. 

- Advertisement - SIEM as a Service

This newly discovered malware seeks to gain the necessary system permissions to steal sensitive data and take control of WhatsApp on the infected device.

The new malware, FlixOnline uses the WhatsApp messages to spread itself, and it’s programmed in such a way, that it replies to each incoming messages automatically from the app itself through a remote server.

Attackers send phishing sites via WhatsApp

In certainty, this malicious app, FlixOneline is basically designed to monitor the owner’s WhatsApp notifications, so, that they can send automatic replies to the owner’s incoming messages, using the content it receives through a remote command and control server.    

This method allows the threat actors to spread phishing sites for phishing attacks, spread other malware or malicious files, spread fake news and much more.

How does this malware work?

After installation, this malware requests a series of permissions that helps the operators of this malware to achieve their goal.

  • First of all, it overlays on other app windows to steal login credentials and other sensitive data.
  • After that, when the power saving mode is activated it prevents the infected Android device from shutting down the malware. 
  • Then it gains permission to the reading and writing of notifications to control the WhatsApp messages.
  • Once done the above step, now the threat actors can easily reply to incoming messages with content it receives from a remote command and control (C&C) server.

Here’s one of the responses used by the malware to lure the users:-

“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.” 

Replies are used by this malware for auto-spreading

The operator of this malware, FlixOnline can easily perform several malicious tasks, and here they are mentioned below:-

  • Spread the malware through malicious links.
  • Steal users’ data from their respective WhatsApp accounts.
  • Target the contacts and all the work-related groups present on your WhatsApp to spread malicious messages.
  • Also, extort the users by threatening them to send their private data or chats to all their contacts.

Apart from this, the cybersecurity firm, Check Point has already informed Google about this malware, and as a result Google already removed this malicious app. 

Just like Google, they have also informed Facebook, the developer of WhatsApp, where no action has been taken yet, since, there is no vulnerability or flaws in the messaging services of the above-mentioned portals.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...

New CleverSoar Malware Attacking Windows Users Bypassing Security Mechanisms

CleverSoar, a new malware installer, targets Chinese and Vietnamese users to deploy advanced tools...

Beware Of Malicious PyPI Packages That Inject infostealer Malware

Recent research uncovered a novel crypto-jacking attack targeting the Python Package Index (PyPI), where...