Threatpost reports on a fake Netflix app on the Google Play store that spreads malware to Android devices via WhatsApp messages. A Check Point Research analysis found that the malicious app is disguised as an app called “FlixOnline,” which promises users free Netflix Premium access worldwide for two months. Once users install the application, the malware steals their data and credentials. The malware also automatically responds to any WhatsApp messages that the users receive, with replies that lure others with the same free Netflix service offer. “The malware’s technique is fairly new and innovative. The technique here is to hijack the connection to WhatsApp by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags,” said Aviran Hazum, Check Point’s manager of Mobile Intelligence.
Fake Netflix App on Google Play Spreads Malware Via WhatsApp
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.