You always have to be careful with what you find in WhatsApp conversations, even in individual messages from your closest friends. The content is not always legitimate, since those contacts may themselves have been victims of a spreading malware attack.
Researchers from the security firm Check Point Research (CPR) are now warning about an Android application, already withdrawn from the Google Play Store, that urged the WhatsApp contacts of its users to install it with the claim of offering a two-month free Netflix subscription anywhere in the world.
The application, called FlixOnline, also showed the logo and screenshots of the original Netflix application, as seen in the image shared by the researchers in their statement.
But far from delivering what it promised, the application contained malware that started a service requesting the Overlay, Ignore battery optimization and Notification permissions. It then monitored WhatsApp notifications and sent automatic replies to the affected user's incoming messages, using content it received from a remote command and control server.
In this way, the malware spreads through WhatsApp conversations, showing the following lure to keep expanding to more users:
2 months of Netflix Premium free at no cost FOR QUARANTINE REASON (CORONA VIRUS) * Get 2 months of Netflix Premium free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw
According to the security firm, this malware opens the door to the spread of further malware through malicious links, theft of data from affected users' accounts, and even the spread of false or misleading messages among the affected user's own groups and contacts.
According to Check Point Research:
If these permissions are granted, the malware has everything it needs to start distributing its malicious payloads and responding to incoming WhatsApp messages with auto-generated responses. Theoretically, through these automatically generated responses, a hacker can steal data, cause business disruptions in work-related chat groups, and even carry out extortion by sending sensitive data to all users' contacts.
The firm had already notified Google, which quickly withdrew the application. The malicious FlixOnline application was found to have been downloaded approximately 500 times over the course of two months.
More information: Check Point Research Blog