Android malware impersonates Netflix to steal your data

Check Point Research (CPR) has discovered new Android malware that tricks users by promising a free Netflix Premium subscription. The malware in question is an application called «Flix Online», which poses as a legitimate version of the streaming service. In reality, it seeks to gain the system permissions it needs to steal sensitive information and take control of WhatsApp.

The scam app, which offered “global unlimited entertainment,” was recently removed from the Play Store after being identified as Android malware. However, while it was available, it was downloaded more than 500 times. And that is not all: according to security firm CPR, the threat could reappear.

Netflix, meanwhile, driven by the coronavirus pandemic, closed 2020 with more than 200 million subscribers. This large number of paying users seems to be of interest to these and other cybercriminals looking for new victims for their malicious campaigns.

How does the latest Android malware work?

Android malware pretends to be an application to watch Netflix for free. Credit: Check Point Research

After installation, the Android malware, disguised as a Netflix app, requests a series of permissions that will help it achieve its mission:

- Overlay permission: can “overlap” other application windows to steal login credentials and other sensitive information.
- Ability to bypass battery optimization: prevents Android from shutting down the malware when power saving is activated.
- Access to read and write notifications: gives it the ability to control notifications, including those of WhatsApp chats.
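For defenders triaging a suspect APK, the three capabilities above can be checked in its decoded manifest. The following is an added example, not code from Check Point or from the malware: it assumes the manifest has already been decoded to text XML (for instance with apktool), the function name and sample manifests are constructed for illustration, and the permission identifiers are the standard Android platform names for these capabilities rather than values quoted in the report.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"

def triage_manifest(manifest_xml):
    """Report which of the three capabilities a decoded manifest declares."""
    if "<!DOCTYPE" in manifest_xml:
        # A manifest needs no DTD; refuse it rather than expand entities.
        raise ValueError("DOCTYPE not allowed in a manifest")
    root = ET.fromstring(manifest_xml)
    requested = {p.get(A + "name") for p in root.iter("uses-permission")}
    # A notification listener is not requested with <uses-permission>: it is a
    # <service> guarded by BIND_NOTIFICATION_LISTENER_SERVICE with this action.
    listeners = [
        s.get(A + "name") for s in root.iter("service")
        if s.get(A + "permission") == LISTENER_PERM
        and any(a.get(A + "name") == LISTENER_ACTION for a in s.iter("action"))
    ]
    found = {"overlay": OVERLAY in requested,
             "battery_optimization_bypass": BATTERY in requested,
             "notification_listener": bool(listeners)}
    return {"capabilities": found, "listener_services": listeners,
            "all_three": all(found.values())}

# Constructed sample manifests; package and class names are made up.
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freestream">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".NotifSvc"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""
OVERLAY_ONLY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SUSPICIOUS), triage_manifest(OVERLAY_ONLY), sep="\n")
```

Each of these capabilities also appears in legitimate apps, so the combination is a reason to look closer at a streaming or "free subscription" app, not a verdict on its own.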

Once the Android malware takes control of WhatsApp, it can reply to incoming messages with content that it receives from a remote command and control (C&C) server. One of the responses identified by Check Point reads as follows:

“2 months of Netflix Premium free at no cost FOR QUARANTINE REASON (CORONA VIRUS) * Get 2 months of Netflix Premium free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw”.

According to ZDNet, the “Get it here” link directs victims to a fake Netflix website. There, users are tricked once more, this time into entering their credit card details so that they can be stolen. Also, since the landing page can be modified by the attackers, the messages could lead to other fraud campaigns or deliver new Android malware.

Action taken on the matter


Check Point has informed Google of the Android malware. For its part, the Mountain View giant has already removed the application in question from the Play Store. The cybersecurity firm has also informed Facebook, the developer of WhatsApp, where no action has been taken for the moment since, as they point out, there is no vulnerability in the messaging service.