Malware is hiding in fake Netflix app — and it infiltrates your WhatsApp messages to steal data

Whatsapp Malware
(Image credit: Snappa)

A malware bug is masquerading as a Netflix app on the Google Play Store, according to investigators from cybersecurity firm Check Point Research. Once this faux Netflix app is installed, the malicious software wrecks havoc on users' WhatsApp messages.

Hold on to your hats — it gets worse. Once the malware slithers into your WhatsApp, it messages your contacts in order to steal their private data for nefarious purposes.

Flixonline is not legit — it's a malware app disguising itself as Netflix

Check Point Research investigators discovered a malicious app on the Google Play Store called "FlixOnline," which uses Netflix's logo to lure users into downloading it. The deceptive app promises users unlimited entertainment from anywhere in the world, but behind all the smoke and mirrors lies a wormable bug.

FlixOnline is a scam

FlixOnline malware app (Image credit: Check Point Research)

"Wormable" means that this malicious bug is designed to hop from one device to another, spreading like wildfire throughout the Android ecosystem. How is this FlixOnline bug wormable? Well, once it is installed, the malware "listens" for new notifications from WhatsApp. It then responds to every WhatsApp message with a canned response crafted by malicious actors.

Here is the script that was sent to victims' contacts:  “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE [link redacted].”

The message is meant to lure unsuspecting victims to click on the link, which would lead them to a fake Netflix phishing website. The purpose of this phony website is to bait victims into submitting their credentials and credit card information. The link also entices targets to download malicious software, which is why it's considered wormable —  it could start a chain of malicious downloads from one Android user to another.

FlixOnline is not legit

(Image credit: Check Point Research)

“The malware’s technique is fairly new and innovative. The technique here is to hijack the connection to WhatsApp by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager," said Aviran Hazum, Manager of Mobile Intelligence at Check Point.

Hazum added that it was concerning that FlixOnline was able to bypass the Google Play Store's security verification process. Google Play Protect is Android's built-in anti-malware tool that is supposed to protect devices from installing malicious apps, but as TechRadar mentioned, it performed miserably during Android protection tests. TechRadar challenged Play Protect to detect a slew of malware, but it only detected 37% of them.

Thankfully, after Check Point Research disclosed its findings to Google, FlixOnline was taken down by the search-engine giant. However, Hazum warned that it's possible that this malware application could pop up with different app name.

How to protect yourself from wormable bugs like the FlixOnline app

Hazum advises mobile users to be wary of download links and attachments that they receive from WhatsApp and other messaging apps — even when the messages supposedly come from trusted contacts. "If you think you’re a victim, I would immediately remove the application from my device, and proceed to change all my passwords," Hazum said.

Check Point Research recommends that users install a security solution on their devices, only download applications from official markets, and ensure apps and devices are up to date.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!