Android Malware can hit phones in an unrecognized and dangerous way that can not only be a threat to your privacy and security, but can also cause you to believe in claims made by an app that are totally fake. This type of malware was recently found in an app called FlixOnline that claimed to provide free Netflix subscription.
It was found that the app’s code was designed to monitor the user’s WhatsApp notifications and to send automatic replies to a user’s incoming messages instead of what the app claimed to do. This is done using a remote command and control (C&C) server.
“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE” is the message which the app was sending as a reply to the incoming messages from WhatsApp.
You might ask how does it work? The FlixOnline malware when installed starts a service that requests you to enable ‘Overlay’, ‘Battery Optimisation Ignore’ and ‘Notification’ permissions for the app. The overlay permission, when granted, can allow the app to create new windows on top of other apps. The new windows are often designed to look like fake login pages, where users are required to enter authentic credentials after which the user successfully falls into the trap.
Notification access is used by the app to read the incoming notifications and automatically perform designated actions such as “dismiss” and “reply” to messages received on your phone. Lastly, the battery optimisation permissions will allow the app to keep running in the background, preventing Android from turning off the app, even when it has been idle for quite some time.
If you have fallen prey to the fake claims, you should definitely check your WhatsApp messages if the app has already done any damage and should uninstall the ‘FlixOnline’ app right away. One should always be careful while installing an app and should confirm if its published from a legit and reputed developer or not.