Humans have become so lustful that anyone can fool them by offering fake free offers. Recently, an app named "FlixOnline" was found with similar intentions. People have widely advertised the app on WhatsApp informing that the app is giving 2 months free Netflix subscription; that can be used anywhere in the world. However, this is totally untrue. Instead, anyone who installs the app is permitting the malwares to get into their devices.
According to the research, it is found that the malicious app is accessing WhatsApp messages received on the device, and automatically responds to some of them as per the setup. The automatic response sends offers to others for the app install; to attract more people towards the malware attack.
The message says:
"2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE [Bitly link]."
The goal was to trick people with "Free Netflix Subscription" and phish their credentials and card details.
"The app turned out to be a fake service that claims to allow users to view Netflix content from around the world on their mobiles," according to the analysis."
"However, instead of allowing the mobile user to view Netflix content, the application is actually designed to monitor a user’s WhatsApp notifications, sending automatic replies to a user’s incoming messages using content that it receives from a remote server."
The fake app was live on the playstore for around 2 months and reached 500 victims. Later, Check Point, the cyber security solution provider, infomed Google about the malicious app and it was put down from the platform accordingly. Besides, the malware creators may come up with any app and trouble the users.
On the malware attack, manager of Check Point, Aviran Hazum stated:
"The malware’s technique is fairly new and innovative,"
"The technique here is to hijack the connection to WhatsApp by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags."
As discussed by Check Point, once any user download the fake app, it asks for 3 permissions:
Overlay feature helps the app to run on top of other working mobile applications. This allowed the malware app to create a fake log-in window and steal the users’ data.
Similarly, the second feature "battery optimization Ignore" allows apps to run continuously in the background, even if the device is dormant. The feature mainly restricts apps to perform its activities to save battery power.
Lastly, the "Notification Listener" feature allowed the app to access all the message notifications received in the device. Hence, it made it easy for the malicious app to ignore or reply to texts received by the phone device.
The android app platform is strict with its policies and restricts the apps that violate the rules. For instance, last month in March, 9 malware apps were found on the platform, which were stealing financial data from the mobile devices. Similarly, last year, The Joker app was discovered as a trojan app. The app seemed to be a general gaming app; however, once installed, it misused user’s contact details and registered for paid services without users’ knowledge.
Have you encountered similar fake offers?
Modern-day hackers are so smart that they use innovative ideas to trap users. In order to stay safe from these cyber criminals, it is preferred to use legitimate links for downloads. For instance, if there is any offer for Netflix, it will be given on their official website for sure.
Moreover, please verify links before clicking or sharing with friends (amazn.com, flipkrt.com etc.). The hackers may use similar looking urls to trick you!
Keep checking ISOEH news blogs to get updates on cyber security from around the world. We work with a team of expert ethical hackers who support organizations to strengthen their cyber security.
Stay tuned for more helpful resources.