The FlixOnline Android Malware
Security researchers have recently reported a new piece of Android malware that spreads in a worm-like fashion. The threat was detected inside the Google Play Store itself and, according to the available information, is capable of distributing itself via WhatsApp messages.
The malware hides inside a rogue Netflix application known as “FlixOnline” and is capable of automatically replying to the infected victim’s WhatsApp messages with a malicious payload.
Researchers reveal that the FlixOnline malware is programmed to monitor the user’s incoming WhatsApp notifications and, as soon as they are received, immediately reply to them with a message containing content received from a remote hacker-controlled command-and-control server.
The FlixOnline malware not only disguises itself as a Netflix app but also tries to steal the victim’s login details, professionals reveal. The bogus app requests intrusive permissions from its victims that enable it to generate fake login screens for other applications. The idea behind this is to steal their credentials and to gain access to all notifications received on the device.
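The permission combination described above can be checked for during app triage. The following is an added example, not code from the researchers or the original article: it flags apps whose decoded manifest declares both an overlay permission and a notification-listener service. It assumes the manifests are already decoded to text XML and that the two standard Android permissions named in the code correspond to the capabilities the article describes; the package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: these standard Android permissions map to the two capabilities
# the article describes (drawing over other apps, reading all notifications).
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

def risky_capabilities(manifest_xml):
    """Return (package, capabilities) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        if perm.get(ANDROID_NS + "name") == OVERLAY:
            found.add("overlay")
    # A notification listener is a <service> guarded by the bind permission.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == NOTIF_LISTENER:
            found.add("notification_listener")
    return root.get("package", "<unknown>"), found

def triage(manifests):
    """Return packages that combine overlay and notification access."""
    flagged = []
    for xml_text in manifests:
        pkg, caps = risky_capabilities(xml_text)
        if caps == {"overlay", "notification_listener"}:
            flagged.append(pkg)
    return flagged

# Constructed sample manifests (hypothetical package names).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
SAMPLE_STREAMING = _HEAD % "com.example.fakestreaming" + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Listener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_NOTES = _HEAD % "com.example.notes" + """
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    print(triage([SAMPLE_STREAMING, SAMPLE_NOTES]))
```

A match is a reason to review the app, not proof of malice, since legitimate apps can also hold both capabilities.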
The Android threat is also believed to be able to hide incoming WhatsApp messages from the user in order to answer them automatically and in secret with a specially created malicious payload received from the C2 server.
Professionals explain that once it successfully infects an Android device, the malware could easily distribute itself to other devices via malicious links, extract data from the victim’s WhatsApp account, spread malicious messages to the victim’s WhatsApp contacts and groups, and even blackmail the victim with threats of leaking their WhatsApp conversations and other stolen details.
The malicious application has since been removed from the Play Store. However, over the two months in which the threat was active, the number of its victims reached nearly 500.
Cybersecurity researchers have described FlixOnline’s technique as very innovative and share the concern that, while this malicious campaign has been stopped, attacks in which threats are masked as applications and successfully sneaked into the Play Store will probably be seen more often in the future.