People are always advised to download apps only from authentic app stores including the Google Play Store, Apple App Store. However, there are times when malware hides behind an authentic looking app to con users. It was recently discovered that Android Malware existed as an app on Google Play Store. The app called Flixonline, which was downloadable through the Play store, allowed users to watch global Netflix content free of cost. The fake app was downloaded hundreds of times before it was finally removed by Google.
As per Check Point Research, the FlixOnline app was available on Google Play Store for download. This was an Android malware that promised to offer access to Netflix Global content. But once downloaded, the malware could spread itself via mobile users' WhatsApp conversations. The fake app could also send malicious content via automated replies to incoming WhatsApp messages.
Contrary to what the fake app claimed, the FlixOnline was used by cybercriminals to monitor the users' WhatsApp notifications and to send automatic replies to the incoming messages using content that it receives from a remote command and control (C&C) server.
The researchers at Check Point research discovered that the message that was sent to lure users, read, "2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw."
The link which was added below the message was designed to gain complete access to a user's WhatsApp account if clicked. The report states that the link could steal users data from WhatsApp account, spread further malware via malicious links. In grave cases, the cybercriminals could also extort users by threatening to send sensitive WhatsApp data or conversations to all of their contacts.
Interestingly, the FlixOnline was designed to look exactly like Netflix. It had a separate column for users rating and an installation button just like any other app. Check Point research notified Google about the malicious app that was thriving on its platform. Google was quick to remove the app after the report stated the hazards of downloading the app. However, in the course of two months, the "FlixOnline" app was downloaded approximately 500 times.
In order to keep your WhatsApp account safe, you should avoid clicking on links that you receive via WhatsApp or any other messaging app. Always cross-check the details even if you receive the link from a trusted contact or a messaging group.