WhatsApp Sessions Hijacked via Android Malware – Disguising as Netflix

According to Check Point Research (CPR), “wormable” mobile malware was discovered on Wednesday in the Google Play Store, the official repository for Android apps. The scam software was named “FlixOnline”.

The ongoing pandemic has changed every part of life, including entertainment and the online and social networking industry. With more people switching to Netflix out of boredom, Netflix had more than 200 million users by the end of 2020. So hackers found another way to attack apps through malicious apps of their own.

Researchers said that the app appears to be a legitimate Netflix application, while its main goal is believed to be attacking WhatsApp. Because it was found on the Google Play Store, it endangered WhatsApp privacy on Android devices.

The app is highly malicious: it compromises WhatsApp privacy, records messages, voice notes, and calls, and automatically replies to incoming messages and calls with scam content. Once it is downloaded, your WhatsApp is hijacked.

After it is installed, the application asks for overlay permission, which is a common ingredient in stealing service credentials. As for Battery Optimization Ignore, it stops the device from automatically shutting the software down to save power.

FlixOnline requests notification permissions, which give the malware access to notifications about WhatsApp communication. They also give it the ability to dismiss or respond to the messages.
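For defenders triaging apps, the permission combination described above can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from Check Point Research or from the malware; the mapping of the article's permission names to Android manifest identifiers is this example's assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Article wording -> Android manifest identifier (mapping assumed by this example).
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
NOTIF_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

def audit_manifest(xml_text):
    """Return a sorted list of the risky capabilities a decoded manifest declares."""
    root = ET.fromstring(xml_text)
    declared = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = set()
    if OVERLAY in declared:
        findings.add("overlay")
    if BATTERY in declared:
        findings.add("ignore_battery_optimizations")
    # Notification access is not a <uses-permission>: the app declares a
    # service that only the system may bind, guarded by NOTIF_BIND.
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == NOTIF_BIND:
            findings.add("notification_listener")
    return sorted(findings)

def is_suspicious(xml_text):
    """Flag only the full three-way combination the article describes."""
    return len(audit_manifest(xml_text)) == 3

# Constructed sample manifests (not taken from the real FlixOnline APK).
SAMPLE_RISKY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.streaming">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("risky", SAMPLE_RISKY), ("benign", SAMPLE_BENIGN)):
        print(label, audit_manifest(xml), "suspicious" if is_suspicious(xml) else "ok")
```

Each of these capabilities has legitimate uses on its own, so the result is a prompt for manual review of an app that claims to be a video player, not a verdict.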

The automatic replies to WhatsApp messages consist of the following text, sent to the victim's contacts:

“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONAVIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https:// bit[.]ly/3bDmzUw.”

In the researchers' view, once installed on an Android device the malware can propagate further through malicious links, steal information from WhatsApp conversations, and spread false information or harmful content via the messaging service.

The malicious link used in this campaign sends victims to a fake Netflix site that attempts to obtain the user's credit card information and further details. However, because the message is fetched from a command-and-control (C2) server, other campaigns could link to an array of phishing sites or malware payloads.

FlixOnline claimed approximately 500 victims over roughly a couple of months before it was detected. In addition, further appearances of the malware are imminent.

Check Point Research informed Google of its findings, and the application has now been removed from the Play Store. WhatsApp was also alerted to the campaign as a courtesy. However, since the malware does not use any exploitable vulnerability or flaw in the messaging application to spread, no action was needed.


Source: The Hack Today
