A new type of fraud is spreading in WhatsApp chats, originating directly from the official Google Play Store. The Google Play malware disguises itself as a Netflix app called FlixOnline and comes with features that allow it to automatically respond to the victim's incoming WhatsApp messages.
Once the fake app, which pretends to be Netflix, is installed on your phone from the Google Play Store, FlixOnline requests intrusive permissions. These allow it to create fake login screens for other apps in order to steal credentials, and to gain access to all notifications on the device. The notification access is used to hide WhatsApp notifications from the user and automatically reply to them with the fake download link to the fake Play Store app. And the cycle continues.
A successful infection could allow the malware to spread further via links, steal data from WhatsApp user accounts, spread malicious messages to the victim’s WhatsApp contacts and group chats, and even blackmail users by threatening to leak confidential WhatsApp data or conversations. Among the fraudulent files were Android viruses with all kinds of functionality, for example the ability to delete or block data, as well as spyware that can steal user photos and online banking passwords.
The app was removed from the Play Store, but it was downloaded a total of 500 times in two months.
Similar Cases
Earlier this year researchers announced the emergence of a new Android malware that masquerades as a nonexistent Clubhouse app for Android. Scammers used a well-made copy of a legitimate website. However, as soon as the user clicks "Download from Google Play," the app automatically downloads to the user's device. After that, the virus can steal login data for at least 458 online services. We are talking about well-known financial and trading applications, cryptocurrency exchanges, as well as social networks: Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, Plus500, Cash App, BBVA, Lloyds Bank, and others, experts warn.
Similar to FlixOnline, another type of fraud is spreading in WhatsApp chats, the so-called "pink theme": a fake WhatsApp user invites the victim to follow a link to download a new color scheme for their profile. Behind the link, as expected, is malware that can steal both the user's personal data and their WhatsApp account. After infiltrating the victim's smartphone, the fake WhatsApp starts collecting personal data.
What Can I Do To Avoid Fake Apps
Google officials have an answer on how to protect your smartphone but we offer a few additional steps.
First, only install apps from official sources, such as Google Play and the App Store. Links to install applications can often be found on the official websites of the companies.
Secondly, check the URL in the address bar of your browser when you go to the site. The official Netflix website is www.netflix.com. Phishing sites may have a similar domain name, such as www.netfllx.com or www.neftlix.com.
Third, malware can, alas, also infiltrate official markets, so pay attention to the developer. For example, official Netflix apps are published on behalf of Netflix Inc. on Google Play. Fake apps will be posted on behalf of other developers and will have fewer reviews and fewer installations.
And fourth, free cheese only comes in a mousetrap. Netflix has several subscription plans but none of them are free. If the app promises you free access to all movies and shows, you should be wary: it might be clickbait to install malware.
To increase your knowledge, learn how to protect yourself from Internet fraud.
If you've been a victim of Internet fraud, send your story for us to publish. Let's make the Internet a safer place together.