Google removed from the Play Store an app that pretended to be Netflix to steal data from inattentive users through WhatsApp. The malware sent messages to users offering two months free access to streaming, but was aimed at stealing credit card data.
When the user installed FlixOnline, the application asked for permissions to access notifications, ignore battery optimizations and also to create layers of content on the screen. Upon receiving the powers, the program was able to intercept WhatsApp messages and create windows with fake offers to steal user data.
The application requests access to notifications to carry out the scam.Source: The Next Web
With the data obtained on the cell phone, the app sent a notification to the user on WhatsApp saying that Netflix was offering two months of free access because of the pandemic. The page to register was fake and served to steal bank details.
New form of phishing
According to Check Point Research experts, who found the malware, the fake app impresses by using an innovative way of doing phishing. While many viruses still target emails to steal data, FlixOnline intercepted notifications to get the user’s attention.
“The fact that the malware was able to disguise itself so easily and ultimately circumvent Play Store protections raises serious concerns,” explains Check Point Research. The company’s experts even believe that the malware should return in other ways in the future.
The incident also shows that Play Store security measures are not yet ready to deal with this type of virus, which targets the notification system directly. With that in mind, the tip is to install only applications from trusted sources to ensure safe use of the smartphone.