Malware in Google Play Store spread via WhatsApp messages

Researchers have discovered malware in the Google Play Store that used WhatsApp messages to spread further. The malware is hidden in an app called "FlixOnline", which allows users to watch Netflix on their phones. In reality, the app is designed to automatically respond to incoming WhatsApp messages. The rogue app needs different permissions for this.

When the user provides these permissions, the malware can automatically reply to incoming WhatsApp messages. These messages claim that the recipient can use Netflix free of charge for two months. However, the link in the message points to the rogue app in the Google Play Store. For the content of the automatic response, the malware connects to a command & control server.

In theory, the malware could also steal sensitive WhatsApp messages or data, according to security company Check Point that discovered the malware. According to the security company, users should be careful with links received via WhatsApp and other chat apps, even if they come from a trusted contact. Check Point warned Google about the rogue app, which was subsequently removed from the Play Store. In the two months that the app was in the Play Store, it was downloaded about 500 times.

Previous Post Next Post