A new version of Android malware has been determined luring customers with the promise of unfastened Netflix subscriptions. The malware, dubbed FlixOnline, disguises itself as a valid Netflix application.

What happened?

The fraudulent app lures sufferers with a promise of months of top-rate Netflix subscription free of charge because of the pandemic. However, in reality, it’s miles the malware-weighted-down app spying and tracking WhatsApp customers.

The Check Point Research crew has determined this wormable cellular malware withinside the Google Play Store. After installation, the app asks for overlay permissions, at the side of Battery Optimization Ignore which stops a cellular tool from robotically terminating the software program to shop power.
The malware-weighted down app can scouse borrow WhatsApp conversations data, unfold fake information, and auto-reply to incoming messages with malicious content material via 1 messaging service.
Auto-responses to WhatsApp messages consist of a message selling  months of unfastened Netflix with a hyperlink. The hyperlink redirects the sufferer to a faux Netflix internet site that attempts to achieve credit score card info and credentials.

Moreover, FlixOnline requests notification permissions that deliver the malware get admission to to notifications connected to WhatsApp communication, at the side of the capacity to push aside or respond to messages.

Additional Insights

Along with FlixOnline, there’s different malware at the chance panorama disguising as software apps to idiot customers.

A week ago, adware changed into located pretending to be System Update, that could document audio, take photos, and get admission to WhatsApp messages, amongst others.
Last month, researchers determined a Clast82 dropper spreading thru malicious apps at the Google Play store.

Conclusion

The occurrence of self-spreading wormable Android malware, which includes FlixOnline, underscores the want for customers to be extraordinarily cautious even as starting hyperlinks and downloading attachments acquired thru WhatsApp. In addition, specialists propose fending off messages from unknown sources.