{"id":220921,"date":"2021-04-07T13:01:04","date_gmt":"2021-04-07T10:01:04","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/google-removes-a-fake-netflix-app-thats-been-spreading-malware-via-whatsapp\/"},"modified":"2021-04-07T13:01:04","modified_gmt":"2021-04-07T10:01:04","slug":"google-removes-a-fake-netflix-app-thats-been-spreading-malware-via-whatsapp","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/google-removes-a-fake-netflix-app-thats-been-spreading-malware-via-whatsapp\/","title":{"rendered":"#Google removes a fake \u2018Netflix\u2019 app that\u2019s been spreading malware via WhatsApp"},"content":{"rendered":"

#Google removes a fake \u2018Netflix\u2019 app<\/a> that\u2019s been spreading malware via WhatsApp<\/a><\/strong>”<\/p>\n

\n Google has removed a fake Netflix app from the Play Store that aimed to spread malware by automatically responding to your WhatsApp messages.<\/p>\n

Earlier this year, the security firm Check Point Research, found that\u00a0an app named FlixOnline was assuming the look of Netflix, and promising two months of free subscription through WhatsApp messages.<\/span><\/p>\n

However, a link attached to these messages would redirect you to a site to just capture your details, including your credit card.<\/p>\n

Here\u2019s how the malware worked. Once you installed the FlixOnline app from the Play Store, it asked for mainly three types of permissions: screen overlay, battery optimization ignore, and notification. Researchers from Check Point noted that overlay is used by malware to create fake logins and steal user credentials by creating fake windows on top of existing apps.<\/p>\n

\"\"
<\/a>Flixonline app requesting for permissions on your phone.<\/figcaption><\/figure>\n

The app \u201clistened\u201d for notifications, and automatically replied to your WhatsApp chats with a message that looked like this:<\/p>\n

\u201c2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE\u00a0<\/span>https:\/\/bit[.]ly\/3bDmzUw\u201d.<\/i><\/p>\n

The link, of course, was a phishing page to collect your information.<\/p>\n

Aviran Hazum, Manager of Mobile Intelligence at Check Point Software, said that this is a novel method of spreading malware, and while this app is removed from the Play Store, it could return in another form:\u00a0<\/span><\/p>\n

The malware\u2019s technique is new and innovative, aiming to hijack users\u2019 WhatsApp account by capturing notifications, along with the ability to take predefined actions, like \u2018dismiss\u2019 or \u2018reply\u2019 via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store\u2019s protections raises some serious red flags. Although we stopped one campaign using this malware, the malware may return hidden in a different app.<\/span><\/p>\n<\/blockquote>\n

He added that this incident also indicates limitations of Play Store\u2019s in-built protections and Google couldn\u2019t detect malware in this app through its automated tools. Notably, WhatsApp doesn\u2019t have any vulnerability that enabled this.<\/p>\n

Attackers making applications and websites that masquerade Netflix is not a new trend. It was one of the most imitated brands for phishing attacks for Q1 2020.<\/p>\n

FlixOnline app was live for two months and had nearly 500 installs before Google removed it last month.<\/p>\n<\/p><\/div>\n