Google deleted this Android app from the Play Store; you still need to delete it from your phone
Netflix is one of the most popular apps worldwide with 203.7 million global subscribers at the start of this year. Subscribers can choose from a large selection of movies, television shows and documentaries to stream over their devices. If you're an old timer, you might recall when you received your new Netflix discs by mail and returned them the same way.
This app spreads malware via your WhatsApp messages
It was 2010 when Netflix started streaming video to the Apple iPhone, and streaming to Android started the following year. The app is so popular that some bad actors used images from it to trick Android users into installing their malware. The plot was discovered by Check Point Research, which said that the malicious app offered to provide global users with free Netflix content for their handsets.
Agreeing to the permissions requested by FlixOnLine opens up your phone to attack
The name of this malicious app is FlixOnLine, and the promise of free Netflix was used to attract Android users to install it on their phones. Google today removed the app from the Play Store, but not before it had been installed by several Android users.
The "ad" that promoted the malicious app said, "2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw." Instead of free Netflix, those who installed the app ended up dealing with some malicious activities once certain permissions were granted by the user.
When the FlixOnLine permission request is sent, it contains some small print that some might never read. The request asks you to allow the app to read all of your notifications, "including personal information such as contact names and the content of messages you receive." If you tap on "agree," not only are you asking for trouble, but you are giving the attacker the ability to disable/enable the Do Not Disturb feature on your phone.
As Check Point Research notes, "the malware is capable of automatically replying to victims’ incoming WhatsApp messages with a payload received from a command-and-control (C&C) server. This unique method could have enabled threat actors to distribute phishing attacks, spread false information or steal credentials and data from users' WhatsApp accounts, and more."
For example, the bad actors behind FlixOnLine could spread more malware from malicious links, collect data from users' WhatsApp accounts, send fake and malicious information to a user's WhatsApp contact list, and blackmail/extort money from victims by threatening to send potentially explosive WhatsApp conversations to their contacts list. If you use WhatsApp for business, the danger of installing FlixOnLine is apparent. To be honest, that threat also applies to friendly non-business relationships you have with others.
According to Check Point, the app was installed 500 times over a two-month period. Even though Google has removed FlixOnLine, if you had previously installed it on your phone and didn't delete it, the app is still potentially creating havoc with your phone. And if you are a WhatsApp user, you have been infiltrated and your personal information is not safe.
The best thing that you can do if you have the app, according to Check Point Research, is uninstall the app from your Android phone and change your passwords. This is a good example of how clever these bad actors have become and how their techniques allow them to walk right by the bouncer without getting caught. By bouncer, we refer to Google Play Protect, which is supposed to scan all apps before they are installed on your phone.
Apparently, some malicious apps are able to fool Google by appearing normal as they go through the scan. The malware that leads to the malicious activities is added later down the line.
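The notification access described above is recorded on the device, so it can be audited after the fact. The script below is an added example, not code from the article or from Check Point Research: it parses the value of Android's `enabled_notification_listeners` secure setting and lists every package holding notification access that is not on an allowlist. All package names and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Audit which apps hold Android notification access.
# On a connected device the value to audit comes from:
#   adb shell settings get secure enabled_notification_listeners
# It is a colon-separated list of "package/component" entries.

# Constructed sample value (not from a real device or from the article).
SAMPLE_LISTENERS='com.google.android.gms/.notifications.Listener:com.example.launcher/com.example.launcher.NotifService:com.example.freestreaming/.AutoReplyService'

# Constructed allowlist: packages you expect to read notifications.
ALLOWLIST='com.google.android.gms com.example.launcher'

# unexpected_listeners LISTENERS ALLOWLIST
# Prints, one per line, each package in LISTENERS that is not in ALLOWLIST.
unexpected_listeners() {
    listeners=$1
    allow=$2
    # The setting reads "null" or is empty when no app has notification access.
    case $listeners in
        ''|null) return 0 ;;
    esac
    # Strip the carriage return some adb versions append, then split on ':'.
    printf '%s\n' "$listeners" | tr -d '\r' | tr ':' '\n' |
    while IFS= read -r entry; do
        if [ -z "$entry" ]; then continue; fi
        pkg=${entry%%/*}          # keep the package, drop the component
        found=0
        for a in $allow; do
            if [ "$a" = "$pkg" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$pkg"; fi
    done | sort -u
}

# Run against the constructed sample; substitute the adb output on a real device.
unexpected_listeners "$SAMPLE_LISTENERS" "$ALLOWLIST"
```

Any package this prints that you do not recognize is a candidate for review under Settings and, if unwanted, for uninstalling.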