#MalwareAlert: Fake Netflix-like app spreads malware via WhatsApp

When CPR notified Google about the malware, it was quickly removed from the Play Store. However, the app was downloaded 500 times within two months when it was available on the platform.

While the fake app was taken down immediately, the fact that it bypassed Google's security measures and landed on the Play Store raises red flag about the company's ability to protect users.

Once the app is installed, it requests the user to grant three permissions: "Notification Listener," "Overlay," and "Battery Optimization Ignore."

The first service allows the malware to access notifications, reply to messages, and dismiss alerts.

Access to the second permission provides it with the ability to draw new windows over other applications.

The third service keeps the malware running even when the phone is dormant.

Once you grant permissions, the malware displays a landing page that it receives from the command and control (C&C) server and hides its icon so that users can't uninstall the app easily.

The malware then continues to communicate with the C&C server to receive instructions.

According to CPR, the fake app has been designed with a focus on WhatsApp.

Although such behavior hasn't been observed, the malware can potentially steal your WhatsApp data and take the ransom route by threatening to send sensitive content to your contacts.

Since it can also reply to your messages, it propagates by sending malicious links to WhatsApp contacts.

With its ability to draw over other apps, it can monitor and steal login data and financial information.

According to CPR, the malware could make a comeback disguised as other applications. Therefore, try to avoid apps that advertise such lucrative offers and keep yourself away from apps that are not popular on the platform.

If you were a victim of the FlexOnline app, we recommend uninstalling the app immediately and changing your passwords.