A new malware has been discovered on Google Play that could further spread itself via WhatsApp messages. Once the “wormable” malware gained the required permissions, it could read the incoming WhatsApp notifications on your device and automatically respond to them with malicious content.
The “Wormable” Malware Came Bundled With FlixOnline
Check Point Research discovered the “wormable” malware on Google Play hidden in a fake app called FlixOnline. The app promised a two month subscription to Netflix for free and claimed to let one watch Netflix content from all over the world.
However, once installed, the app would ask you for permissions to overlay content over other apps and read all incoming notifications on your device. The first permission grants the malware the ability to read your personal and sensitive information, while the second allows it to all your incoming notifications, including those from WhatsApp.
To ensure the OS does not shut it down for excessive battery consumption, the malware also requests the “Battery Optimization Ignore” permission. With all the permissions in place, the malware can secretly steal your WhatsApp conversation data.
The Malware Further Spread Itself by Sending Fake WhatsApp Messages
The malware further spreads itself by replying to incoming WhatsApp messages with malicious content disguised as a free Netflix subscription: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE.”
Upon clicking the link, the recipient of the message would be sent to a fake Netflix website, where they are prompted to enter their credit card details and login credentials. However, since a command-and-control server controls the message that’s delivered, it could be pointed to different phishing websites or malware payloads.
You can follow our guide on how to remove a virus from your Android device without a factory reset.
Google Has Already Removed the App From the Play Store
Check Point Research says that the fake FlixOnline app was downloaded approximately 500 times from the Play Store, but was removed quickly by Google once it was informed about it.
Streaming services have seen a surge in their userbase due to the ongoing pandemic. Threat actors are capitalizing on this trend, as evident from the fake FlixOnline app, which tried to lure users by offering them a free Netflix subscription for two months.
A more dangerous System Update Android malware was discovered recently as well. It can steal all data stored on your device, including your photos, messages, browser history, and more. Unlike FlixOnline though, it did not make its way to the Google Play Store.