Who doesn’t love Netflix? Everyone! That is what cybercriminals are counting on because they recently placed a fake Netflix app in the Google Play store for download on Android devices. The app is laced with malware which then spreads it via WhatsApp.
What is Happening?
Check Point Research analysts reported on Wednesday that they found a fake Netflix app on the Google Play store, which is actually malware called “FlixOnline.” Threat actors have been advertising the malware through messages on WhatsApp, claiming that if you download it, you get “2 Months of Netflix Premium Free Anywhere in the World for 60 days.” Unfortunately, all the app does is steal credentials and the user’s data.
According to Threatpost,
“The app turned out to be a fake service that claims to allow users to view Netflix content from around the world on their mobiles.”
According to the analysis,
“However, instead of allowing the mobile user to view Netflix content, the application is actually designed to monitor a user’s WhatsApp notifications, sending automatic replies to a user’s incoming messages using content that it receives from a remote server.”
The threat researchers noted that during the two months that it was live on Google Play, it caught at least 500 victims before Google was alerted and took the app off the market. However, threat analysts caution that despite the fact that only 500 people downloaded it, the app could still be present and working. It has the ability to self-replicate, and if infected, users could unwittingly send messages to their contacts with a link to the offer, and therefore, the number of victims could be much higher.
Threat researchers comment with a hint of admiration that “The malware’s technique is fairly new and innovative. The technique here is to hijack the connection to WhatsApp by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags.”
How it Works
The fake app listens for new messages on WhatsApp and responds with a preset advertisement to lure additional victims by promising them free Netflix. The message contains a link to a spoofed Netflix website where it collects users’ logins and credit card details.
Are Apps on the Google Play Store Safe?
Google has been plagued with bad press over malicious apps over the past year. In March alone, nine apps were found on the marketplace laced with malware. In January, Google tossed out another 164 apps for delivering unwanted ads to users. Another highly publicized malware app was Joker malware which ran amuck on the Google Play store for a long period of time.
The question becomes, why is it so easy to upload malware-infested apps to the Google Play store? What is the process for vetting these apps before they are allowed to be distributed publicly? It appears that Google needs to refine its system for testing apps to protect Android users.
How Android Users Can Stay Safe
If you own an Android phone, some tips to stay safe are:
- Never download apps from the store that offer “too good to be true” promises.
- Thoroughly check out the vendor of any apps before downloading and installing.
- Do not download apps from outside the Google Play store.
- Never click links in text messages or email, especially if you don’t know where it came from.
- Do not respond to unsolicited ads.
- Never click on ads on social media. Hackers often use fake ads (that look real) to snag unsuspecting victims.
- Install good antivirus/anti-malware software on your Android device and keep it running at all times.
- Review app permissions and do not allow apps any access to things it does not need.