Despite Google's efforts to fight the malware Android, every now and then a new threat gets out of hand. Researchers from Check Point Research they shared the details (via ZDNet) about a threat that could have lured users with the promise of free access to Netflix content. This malware is reported to spread via messages WhatsApp. But let's go see the details and understand how to avoid falling into the trap.
New Android malware promises free Netflix content but does nothing but steal sensitive data: here's how to avoid falling into the trap
As we can read from the article of the source, the Android malware would be born in an application on the Play Store called FlixOnline. This application would promise users to have access to Netflix content completely free and from all over the world. So even shows not available in Italy, for example, would have been available thanks to the service. However, instead of doing this, the app requires a huge amount of authorizations that allow it to steal user data and spread to other users more easily.
Once all permissions have been granted, the app hides from the launcher in order to be found with more difficulty. Upon installation, the app requires the following permissions:
- view on other apps- Means the app can disguise itself and display a fake login screen above other apps, leading users to enter their personal information and send it to attackers.
- ignore battery optimizations- means the app won't be stopped in the background, so it can stay active even if it's been inactive for a while
- access to notifications- This is the most worrying permission as it can collect information from user notifications, including recipient numbers. Not only this: the app can also perform quick actions on these notifications such as replying to WhatsApp messages. And that's exactly what Android malware is doing.
Basically Android malware hides and sends a reply promising two months of free Netflix access with a download link which, in turn, installs the malware on the target device. Check Point Research has reported the malware to Google before disclosing its vulnerabilities and the FlixOnline app was quickly removed from the Play Store.
What to do?
However, around 500 users downloaded the app in two months, which may have spread the malware to many other users via WhatsApp. Anyone who has been hit should uninstall the app from your device settings and change your passwords.