Check Point Research (CPR) recently discovered malware hidden in a fake application on Google Play that can spread via users’ WhatsApp messages. If the user downloads the bogus application and unknowingly grants the malware the necessary permissions, the malware can automatically reply to the victim’s incoming WhatsApp messages with a payload downloaded from a command-and-control (C&C) server. An attacker could have used this novel method to spread phishing attacks, distribute false information, and steal credentials and data from users’ WhatsApp accounts, among other things.
Check Point Research responsibly disclosed the malicious application and the details of its research to Google, and Google promptly removed the application from the Play Store. The “FlixOnline” app was downloaded approximately 500 times over two months.
The malware was discovered hidden within an app called “FlixOnline” on Google Play. The app is a fake that purports to allow users to watch Netflix content from all over the world on their mobile devices. Rather than giving the mobile user access to Netflix content, the application is designed to monitor the user’s WhatsApp notifications and automatically respond to incoming messages using content received from a remote command and control (C&C) server.
The malware responds to its victims with the following message, luring them in with the promise of a free Netflix subscription:
“FREE TWO-MONTH SUBSCRIPTION TO Netflix PREMIUM FOR REASON OF QUARANTINE (CORONA VIRUS)* For 60 days, get two months of Netflix Premium for free anywhere in the world. Purchase it NOWHERE. http://bit.ly/3bDmzUw.”
An attacker may use this technique to carry out a wide variety of malicious activities:
- Distribute additional malware via malicious links
- Steal data from users’ WhatsApp accounts
- Spread malicious or fabricated messages to users’ WhatsApp contacts and groups (for example, work-related groups)
- Threaten users that their private WhatsApp data or messages will be sent to all of their contacts