Researchers at Check Point firm have pointed out a new Android malware that’s faking Netflix to provide free entertainment and does malicious activities. While redirects to a phishing page to steal credentials and card data, it’s also found to be asking excessive permissions to snoop on WhatsApp chats and spread through it.
Netflix Android Malware Targeting WhatsApp
As Netflix is one of the popular OTT platforms today, it’s now wondering fraudsters are targeting unsuspecting people into a trap on its name. As recently discovered by Check Point Research, a malicious app named FlixOnline is luring users into a Netflix-based scam and snooping on their WhatsApp chats.
As they reported, the campaign starts with the user installing the app available in the Google Play Store! After which, they’ll be greeted with the following message;
“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https:// bit[.]ly/3bDmzUw.”
Following the given link will take users to a phishing page, where they’ll ask to fill in some details and credit card information for obtaining the offer. It’s no wonder that many platforms ask users to submit their payment card data in advance of the free trial and charge them automatically after the free period is over.
While the credentials submitted to the phishing page are sent to the hacker’s C2, victimized users will be asked several device permissions to help the app operate properly. These allow the app to draw over other apps, access notifications, disabling battery optimization, etc. All these are aimed at snooping on victim’s WhatsApp chats.
Also Read- Best Netflix Alternatives
While the drawing over other apps helps to observe WhatsApp chats, access to notifications lets the malicious app reply and share its malicious links to spread the campaign further. Also, ignoring the battery optimization will help the malicious app run throughout without killing it for saving the battery.
Google has removed the malicious app from Playstore after being reported, and WhatsApp was notified about the campaign. Researchers said there are about 500 users fallen victim to this campaign in a span of two months before detection.