The Check Point Research (CPR) research team discovered a new malware on Android. This is FlixOnline, a supposed Netflix tool that was hosted on the Google Play Store to attract potential victims.
FlixOnline was presented as a free access app to the streaming platform, causing many people to be interested in it and end up falling into the trap. In fact, the software was downloaded more than 500 times during the time it was available in the app store.
From credential theft to access to app notifications
Once downloaded and installed on the device, FlixOnline overlaid windows on the victims’ apps. This with the firm intention of stealing credentials, accessing notifications, even intercepting and replying to messages.
In this case, cybercriminals used the WhatsApp service as a means to spread the virus among the victims’ contacts. Hackers not only intercepted messages, they also responded automatically. Of course, without the victim detecting it.
“The technique here is to hijack the connection to WhatsApp by capturing notifications, along with the ability to take predefined actions, such as ‘dismiss’ or ‘reply’ through the Notification Manager,” explained Aviran Hazum, Manager of Mobile Intelligence at CPR.
FlixOnline stayed on Google Play for more than 2 months
Without a doubt, this situation is alarming, since just as FlixOnline managed to sneak into Android, other applications managed by cybercrime can also do so. In fact, we recently reported that malware disguised as an Android update tries to access this operating system through a third-party app store.
The truth here is that cybercriminals have been very clever and managed to stay on Google Play for about two months. Faced with this situation, Google’s immediate response was to remove the application from its App Store.
However, it is more than certain that tools like FlixOnline will continue to appear under false promises to deceive users of Android and other platforms. In this case, the recommendation is to be alert and use common sense when downloading an application.
Fake versions of Cyberpunk 2077 hit Google Play to steal your data