Researchers at Check Point have discovered new malware on Google Play that spreads itself through WhatsApp conversations and can also spread malicious content through automated replies. By sending automated replies that carry a payload from a command and control server, the attacker can send phishing material, further malware, or fake information to different users; the malware can also steal users' personal data, including credit card information, bank account details, IDs, and passwords.
Over the past few years, especially during the pandemic quarantine, the number of mobile-related attacks has increased greatly, so mobile security has become a top priority for every company that wants to keep its users' data from being stolen. A recent investigation has been disentangling the Iranian Rampant Kitten APT, and mobile-related malware continues to grow. Attackers keep trying new and different ways to evolve their malware and spread it to as many users as possible. This new malware was discovered in an app on Google Play that was downloaded 500 times in just 2 months. Researchers have pointed out that the malware is hidden in an app called FlixOnline, which combines the popularity of Netflix with the typical social engineering trigger of voracity, namely Netflix for free; during the pandemic, this attracts more people to use it.
The security researchers say that the malware was found in the FlixOnline app, which claims to provide Netflix content to users all over the world free of charge for two months. Instead of letting the user view Netflix content, it monitors the user's WhatsApp notifications and can reply automatically to the user's messages with content received from the command and control server. Once the malware is on a user's device, it starts services that request three things: the overlay permission, an exemption from battery optimization, and notification access. The overlay is mostly used to create fake login screens that capture users' details. The battery optimization exemption keeps the malware running instead of being shut down when it is idle. The third, notification access, is the most important, because it exposes the details of notifications from WhatsApp conversations.
The researchers say that the scam app has been removed from Google Play, but it is possible that the bad actors will return with the same strategy and that it will be reused in other types of apps. Victims are advised to remove the malicious app from their devices and to change their passwords immediately to protect their data.