Press "Enter" to skip to content

Android Malware Discovered on Google Play That Spreads Via WhatsApp

A brand new Android malware has been found that existed as an app on Google Play and is claimed to unfold through WhatsApp conversations. Called FlixOnline, the app pretended to permit customers to view international Netflix content material. It was, nonetheless, designed to watch the consumer’s WhatsApp notifications and ship automated replies to their incoming messages with the content material it receives from the hacker. Google pulled the app instantly from the Play retailer after the corporate was reached out to. However, it was downloaded lots of of occasions earlier than it bought eliminated.

Researchers at menace intelligence agency Check Point Research found the FlixOnline app on Google Play. When the app is downloaded from the Play retailer and put in, the underlying malware begins a service that requests “Overlay,” “Battery Optimisation Ignore,” and “Notification” permissions, the researchers stated in a press be aware.

The objective of acquiring these permissions is believed to permit the malicious app to create new home windows on prime of different apps, cease the malware from being shut down by the system’s battery optimisation routine, and achieve entry to all notifications.

Instead of enabling any official service, the FlixOnline app screens the consumer’s WhatsApp notifications and sends an auto-reply message to all WhatsApp conversations that lures victims with free entry to Netflix. The message additionally comprises a hyperlink that might enable hackers to achieve consumer data.

The “wormable” malware, which implies that it could actually unfold by itself, may unfold additional through malicious hyperlinks and will even extort customers by threatening to ship delicate WhatsApp knowledge or conversations to all their contacts.

Check Point Research notified Google in regards to the existence of the FlixOnline app and the main points of its analysis. Google shortly eliminated the app from the Play retailer upon receiving the main points. However, the researchers discovered that the app was downloaded almost 500 occasions over the course of two months, earlier than it went offline.

The researchers additionally imagine that whereas the actual app in query was faraway from Google Play after it was reported, the malware may return via one other comparable app sooner or later.

“The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags. Although we stopped one campaign of the malware, the malware family is likely here to stay. The malware may return hidden in a different app,” stated Aviran Hazum, Manager of Mobile Intelligence at Check Point, in a ready quote.

The affected customers are suggested to take away the malicious app from their system and alter their passwords.

It is necessary to notice whereas the malware variant obtainable via the FlixOnline app was designed to unfold through WhatsApp, the moment messaging app does not embrace any explicit loophole that allowed the circulation of malicious content material. Instead, the researchers discovered that it was Google Play that wasn’t capable of limit entry to the app at first look — regardless of utilizing a mixture of automated instruments and preloaded protections together with Play Protect.


What is the very best telephone underneath Rs. 15,000 in India proper now? We mentioned this on Orbital, the Gadgets 360 podcast. Later (beginning at 27:54), we communicate to OK Computer creators Neil Pagedar and Pooja Shetty. Orbital is obtainable on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.

Be First to Comment

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    %d bloggers like this: