Thursday, March 28, 2024

New Wormable Android Malware Disguised as a Netflix Tool Spreads Through WhatsApp Messages

Check Point Research (CPR) team has recently discovered a new Android malware that tricks the users into promising to provide them Netflix premium subscription for free. 

The malware that is in question is basically an app that is known as “FlixOnline,” and posing itself as a legitimate version of the streaming service, Netflix to trick the users.

This malicious app was recently removed from the Play Store after being identified as Android malware. But, when it was available in the store, it was downloaded more than 500 times. 

This newly discovered malware seeks to gain the necessary system permissions to steal sensitive data and take control of WhatsApp on the infected device.

The new malware, FlixOnline uses the WhatsApp messages to spread itself, and it’s programmed in such a way, that it replies to each incoming messages automatically from the app itself through a remote server.

Attackers send phishing sites via WhatsApp

In certainty, this malicious app, FlixOneline is basically designed to monitor the owner’s WhatsApp notifications, so, that they can send automatic replies to the owner’s incoming messages, using the content it receives through a remote command and control server.    

This method allows the threat actors to spread phishing sites for phishing attacks, spread other malware or malicious files, spread fake news and much more.

How does this malware work?

After installation, this malware requests a series of permissions that helps the operators of this malware to achieve their goal.

  • First of all, it overlays on other app windows to steal login credentials and other sensitive data.
  • After that, when the power saving mode is activated it prevents the infected Android device from shutting down the malware. 
  • Then it gains permission to the reading and writing of notifications to control the WhatsApp messages.
  • Once done the above step, now the threat actors can easily reply to incoming messages with content it receives from a remote command and control (C&C) server.

Here’s one of the responses used by the malware to lure the users:-

“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.” 

Replies are used by this malware for auto-spreading

The operator of this malware, FlixOnline can easily perform several malicious tasks, and here they are mentioned below:-

  • Spread the malware through malicious links.
  • Steal users’ data from their respective WhatsApp accounts.
  • Target the contacts and all the work-related groups present on your WhatsApp to spread malicious messages.
  • Also, extort the users by threatening them to send their private data or chats to all their contacts.

Apart from this, the cybersecurity firm, Check Point has already informed Google about this malware, and as a result Google already removed this malicious app. 

Just like Google, they have also informed Facebook, the developer of WhatsApp, where no action has been taken yet, since, there is no vulnerability or flaws in the messaging services of the above-mentioned portals.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles