Google Play has been making efforts to weed out malicious apps from its platform, but hackers seem to be one step ahead at all times. A recent example is an app called FlixOnline, which disguised itself as a way to access Netflix for free but in reality had other motives. The app's malicious behavior was exposed by security firm Check Point Research, which revealed that the app never actually did what it promised. Rather, it was loaded with a self-replicating worm capable of spreading to other devices for phishing attacks.
The modus operandi was to monitor the user's WhatsApp messages and send automatic replies urging recipients to install the app (FlixOnline). The idea could have been to launch a widespread data theft attack, or something even worse, when the right time arrived.
Thanks to Check Point Research, the app was pulled from the Google Play Store immediately after being reported. It had over 500 downloads over the course of its two months of existence.
Once the app was downloaded to the user's device, it requested permissions that included "Notification", "Battery Optimisation Ignore" and Overlay access. This way the app was able to gain access to all notifications and read them, WhatsApp notifications in particular.
This could have had serious repercussions, such as extortion attempts threatening to send sensitive content to the user's contacts. The app contained malicious links which, when clicked, gained access to user information, and it also had the ability to send automatic messages to WhatsApp contacts to lure in more victims via a remote command & control server.
According to Aviran Hazum, Manager of Mobile Intelligence at Check Point Research, this incident raises serious questions about the Google Play Store's security measures. Aviran said that the threat is not over, as the malicious app could return to the store disguised as another app, with fail-safe mechanisms in place to get around Google's security checks.
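A defender-side check for the permission combination described above, as an added example that is not from Check Point Research or the original article: it flags a decoded AndroidManifest.xml that asks for overlay, battery-optimisation exemption and notification-listener access together. The mapping of the article's permission labels to Android manifest names, the function names and both sample manifests are assumptions constructed here.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping of the article's permission labels to Android manifest names.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
NOTIF_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample manifests (not taken from any real app).
SAMPLE_SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freestreaming">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.watchcompanion">
  <application>
    <service android:name=".Mirror"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

def risky_capabilities(manifest_xml):
    """Return which of the three capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for perm in root.iter(tag):
            name = perm.get(ANDROID + "name")
            if name == OVERLAY:
                found.add("overlay")
            elif name == BATTERY:
                found.add("ignore_battery_optimisation")
    # Notification access is a <service> guarded by the bind permission, not a uses-permission.
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == NOTIF_BIND:
            found.add("notification_listener")
    return sorted(found)

def needs_review(manifest_xml):
    """True only when all three capabilities appear together."""
    return len(risky_capabilities(manifest_xml)) == 3
```

Each capability on its own appears in legitimate apps, so the check only escalates when all three are present, and a hit is a prompt for manual review rather than a verdict.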