One should always be cautious about content received in WhatsApp conversations, even in individual messages from close friends: it is not always legitimate, because those contacts may themselves be victims of a malware campaign.
Researchers from the security firm Check Point Research (CPR) are now warning about a mobile application for Android devices, since withdrawn from the Google Play Store, that urged the WhatsApp contacts of affected users to install it by claiming to offer two months of free Netflix subscription anywhere in the world.
The application, called FlixOnline, also displayed the logo and screenshots of the original Netflix application, as seen in the image shared by the researchers in their statement.
But far from delivering what it promised, the application contained malware that started a service requesting the “Overlay”, “Ignore battery optimization” and “Notification” permissions. It then monitored WhatsApp notifications and sent automatic replies to the affected user's incoming messages, using content received from a remote command and control server.
In this way, the malware spread through WhatsApp conversations, using the following lure to keep reaching more users:
2 months of free Netflix Premium at no cost FOR QUARANTINE REASON (CORONA VIRUS) * Get 2 months of Netflix Premium free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw
According to the security firm, this malware opens the door to the spread of further malware through malicious links, the theft of data from affected users' accounts, and even the spread of false or misleading messages among the affected user's own groups and contacts.
According to Check Point Research:
If these permissions are granted, the malware has everything it needs to start distributing its malicious payloads and responding to incoming WhatsApp messages with auto-generated responses. Theoretically, through these auto-generated responses, a hacker can steal data, cause business disruptions in work-related chat groups, and even commit extortion by sending sensitive data to all users’ contacts.
The firm has already notified Google, which quickly removed the application. The malicious FlixOnline application had been downloaded approximately 500 times over the course of two months.
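For defenders triaging Android apps, the permission combination described above can be checked statically in a decoded (text) AndroidManifest.xml. The following is an added example, not code from Check Point Research or from the malware; the mapping of the article's permission names to Android identifiers, the function name `audit_manifest` and the sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed mapping of the article's permission names to Android identifiers.
NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"

def audit_manifest(xml_text):
    """Report which of the three capabilities a decoded manifest declares."""
    root = ET.fromstring(xml_text.strip())
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(e.get(NS + "name") for e in root.iter(tag))
    # A notification listener is a <service> guarded by the bind permission
    # that also answers the NotificationListenerService intent action.
    listeners = [
        svc.get(NS + "name") for svc in root.iter("service")
        if svc.get(NS + "permission") == LISTENER_PERM
        and any(a.get(NS + "name") == LISTENER_ACTION for a in svc.iter("action"))
    ]
    result = {"overlay": OVERLAY in requested,
              "ignore_battery_optimization": BATTERY in requested,
              "notification_listeners": listeners}
    # All three together is a triage signal, not proof: some legitimate
    # automation and accessibility apps declare the same set.
    result["needs_review"] = all(result.values())
    return result

# Constructed sample manifests (hypothetical package and service names).
SUSPECT = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.freestream">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".ReplyService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter><action android:name="android.service.notification.NotificationListenerService"/></intent-filter>
    </service>
  </application>
</manifest>"""
BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.player">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    print(audit_manifest(SUSPECT), audit_manifest(BENIGN))
```

The manifest inside an APK is stored in binary form and must be decoded to text before this check can read it.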
More information: Check Point Research Blog