Your WhatsApp chats are being sabotaged to try to steal credit card information from hackers
A new breed of Android malware has been discovered hiding in the Google Play Store – and it’s designed to sabotage your WhatsApp chats. Security researchers at Check Point have discovered the dangerous new malware, which spreads itself by sending malicious links to your WhatsApp contacts – from family members to close friends and group chats. Anyone who taps the link sent from your WhatsApp account will be taken to a fake Netflix site designed to steal login credentials for your Netflix account or credit card information.
The malware was dug up in an app called FlixOnline, which promises unlimited TV shows and movie streaming. Then discovered by the Check Point teamFlixOnline was available as a free download from the Google Play Store, the pre-installed app repository found on almost all Android smartphones and tablets (except the most recent Huawei handsets, which use the App Gallery instead).
FlixOnline uses Netflix’s iconic “N” logo and illustrations from Stranger Things and other Netflix exclusive shows to entice Android smartphone and tablet owners to download the app.
Android users unlucky enough to download FlixOnline will be asked to grant a staggering number of permissions. This is pretty standard for all third-party Android apps downloaded from the Play Store, so alarm bells may not be ringing. However, the permissions requested by FlixOnline are specifically for ensuring that this malware app continues to spread through your WhatsApp conversations.
MORE LIKE THIS
WhatsApp puts an end to one of the biggest nightmares of switching from iPhone
FlixOnline tried to entice Play Store customers by promising free access to Netflix shows
Anyone who grants the rights allows the application to respond to all incoming text messages in WhatsApp with a link to a rogue Netflix site. To entice people to click, the message next to the link promises two months of free Netflix due to the ongoing coronavirus pandemic. An example of the type of message sent with the dangerous link is: “2 months free Netflix Premium free For REASON OF QUARANTINE (CORONA VIRUS) Get 2 months of Netflix Premium free anywhere in the world for 60 days. Download it HERE now “
Clicking the link will prompt the person to log in with their existing Netflix login (allowing the hackers to steal their email address and password combination – potentially unlocking dozens more of their online accounts) or, if they don’t already have an account, create a new one. If they decide to create a Netflix account when prompted, the hackers will steal their credit or debit card information. Either way, it is really bad.
With the FlixOnline malware replying to every incoming message, individual conversations and group chats can quickly be filled with these malicious links … especially if you’re not paying attention.
Security experts at Check Point have already reported the dangerous malware to Google, which has pulled the app from the Play Store. That’s great news because it means no one else can download the app. However, Google does not remove the apps already installed on Android devices around the world.
So if you downloaded the app recently, you should remove its permissions and remove it from your device immediately.
Since the malware appears to be quite effective, Check Point researchers believe that FlixOnline will set a trend that many apps will copy. That means anyone downloading from the Google Play Store should be more careful than ever before. Check Point recommends that users only download apps from trusted developers, keep their devices running with the latest operating system updates at all times, and use a security solution to keep an eye out for malware.
Aviran Hazum, Manager Mobile Intelligence at Check Point Software said: “The technique of the malware is new and innovative, with the aim of hijacking users’ WhatsApp accounts by capturing notifications, along with the ability to take predefined actions such as “ignore” or “reply” via the Notification Manager. The fact that the malware could be so easily disguised and eventually bypassed Play Store protection raises serious red flags. Although we have one campaign with this malware stopped, the malware can return hidden in another app.
FlixOnline asks for a number of features – this allows it to text your WhatsApp contacts
“The Play Store’s protection only goes so far, so mobile users need a mobile security solution. Fortunately, we discovered the malware early and quickly disclosed it to Google, which also acted quickly. Users should be wary of download links or attachments they receive through WhatsApp or other messaging apps, even if they appear to be from trusted contacts or messaging groups. If you think you are a victim, we recommend that you immediately remove the application from devices and change all passwords. “
In two months, the FlixOnline app was downloaded about 500 times. Check Point not only kept Google informed, but also shared its research results with WhatsApp, although there is no vulnerability on WhatsApp’s side. Instead, the malware uses the ability to respond to text messages from the notification shade.
Check all Technology News here: Gaming Ideology