We have written about numerous cases of malicious Android apps hiding in various app stores, directly threatening the owners of the devices. This time security researchers have discovered a wormable piece of Android malware that can be downloaded from the official Play Store. The malware, which masquerades as a Netflix app called FlixOnline, can propagate via WhatsApp messages.
Threat Alert: New Wormable Android Malware
The malware is capable of automatically replying to a victim’s incoming WhatsApp messages with a payload received from its command-and-control server. The discovery comes from security firm Check Point. According to the researchers’ report, this capability could have enabled threat actors to distribute phishing attacks, spread fake information, or steal sensitive credentials and data from the victims’ WhatsApp accounts.
More about the FlixOnline Fake Netflix App
As for the “FlixOnline” fake app, it can be described as “a fake service that claims to allow users to view Netflix content from all around the world on their mobiles”. Instead of providing the promised functionality, the app monitors the user’s WhatsApp notifications and sends automatic replies to incoming messages. The replies contain the malicious payload received from the command-and-control server.
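A defensive check for the behaviour described above, as an added example that is not from the original article or the researchers' report: it lists which packages hold Android notification access on a device and flags any that are not expected. It assumes the app reads notifications through Android's notification access (a notification listener service); the package names, allowlist and sample value are constructed.

```python
# Added example: audit which apps hold Android notification access.
# On a connected device the raw value comes from:
#   adb shell settings get secure enabled_notification_listeners

def parse_listeners(raw):
    """Return {package: [fully qualified service class, ...]} from the
    colon-separated ComponentName list stored in the secure setting."""
    listeners = {}
    raw = (raw or "").strip()
    if raw in ("", "null"):          # setting unset: no app has access
        return listeners
    for component in raw.split(":"):
        component = component.strip()
        if "/" not in component:     # malformed entry, skip it
            continue
        package, cls = component.split("/", 1)
        if cls.startswith("."):      # short form: class relative to package
            cls = package + cls
        listeners.setdefault(package, []).append(cls)
    return listeners


def unexpected_listeners(raw, allowlist):
    """Packages with notification access that are not on the allowlist."""
    return sorted(p for p in parse_listeners(raw) if p not in allowlist)


# Constructed sample value; all package names are hypothetical.
SAMPLE = ("com.example.wearcompanion/.NotifyBridge:"
          "com.example.streamingapp/com.example.streamingapp.svc.Listener:"
          "com.example.wearcompanion/.SecondListener")
ALLOWLIST = {"com.example.wearcompanion"}  # assumption: apps the owner expects

if __name__ == "__main__":
    found = parse_listeners(SAMPLE)
    for pkg in unexpected_listeners(SAMPLE, ALLOWLIST):
        print("review notification access:", pkg, found[pkg])
```

An entertainment or streaming app appearing in this list is worth reviewing, because such an app has no obvious need to read other apps' notifications.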
Here is an overview of the malicious activities that this wormable malware can perform on compromised Android devices:
- Spread further malware via malicious links;
- Steal data from users’ WhatsApp accounts;
- Spread fake or malicious messages to users’ WhatsApp contacts and groups (for example, work-related groups);
- Extort users by threatening to send sensitive WhatsApp data or conversations to all of their contacts.
The researchers notified Google about the FlixOnline fake app, and it has been removed from the Play Store. However, it should be noted that the app was downloaded at least 500 times in two months.
In conclusion, this malware illustrates how mobile malware is evolving to become more capable of spreading across devices. It also “highlights that users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups,” the researchers noted.