Two apps from the Google Play Store disguised as legitimate Netflix and TikTok ones to spread malware Malware.
Researchers analyzed how they behave and now we’re reporting it for you to avoid them at all cost.
Here’s what we know.
Fake Netflix App (FlixOnline)
The first one of the two is called “FlixOnline” and it was designed to check incoming WhatsApp messages to automatically reply to victims with viciously filled content, promising “2 Months of Netflix Premium Free Anywhere in the World for 60 days.”
Of course, this isn’t true. Instead, when installed, the malware starts to steal valuable data.
The FlixOnline malware app was also capable of self-propagate through links sent to WhatsApp’s contacts and groups. Over 500 victims got infected by this malware during the two months that the app was live on Google Play before it was taken down.
The research firm warned that “the malware family is likely here to stay and may return hidden in a different app.” Let’s see how it works, to avoid infection by an alternative version:
Once downloaded, the application requests three permissions to your device:
- Overlay: allows the app to create new windows on top of other apps.
- Battery Optimization Ignore: stops the malware to disable when the phone goes into “idle mode” to save battery power.
- Notification Listener: allows the malware to access message notifications to automatically dismiss or reply to them back with custom, malicious campaigns.
Once the permissions are granted, the “virus” shows a landing page from the command-and-control server (C2), deleting the icon from the home screen, and is left there pinging for periodical C2 configuration updates.
Unfortunately, this fake Netflix app isn’t the only malicious app on the Android store.
Fake TikTok App (TikTok Pro)
The fake, malicious TikTok copy-cat also made its way into the headlines this week.
Although Cloud Security company “Zscaler” comments the creators of this one have been scamming with phishing campaigns since March of 2020 (at the beginning of the pandemic).
TikTok Pro and many of its variants have been used for ad-stuffing attacks against devices from India’s Jio telecom network (which servers more than half of the country’s internet subscribers).
In most cases, they tried to convince users to download their version of the app, because the original one is banned in the country. Other times, it offered “Free Lenovo Laptops” to get them into a Weebly-hosted site controlled by the hackers.
Every time, the goal from bad actors was to get users downloading the Android Package file (APK) that first checked for permissions. If didn’t have it, it would display a message asking for it and then, asking for a username and password to register or login in.
If successful, the app also incentivized the user to share it with 10 others on WhatsApp, congratulating if done and promising “TikTok will start in 1 hour.”
According to Zscaler, the intention behind the app is to generate revenue by displaying ads to the users through software development kits (SDKs) as those observed in apps like AppLovin and StartApp. It gets risky when the malware lurks between the victim’s contact list
Be aware: these threats are out there, shaped in million different ways.
So take precautions and protect yourself from them. Avoid clicking fishy links and downloading fishier attachments.
If for any reason, your system or device gets infected, try removing it immediately and change your passwords as fast as possible.
And if you can’t get rid of it at any given point, don’t think it twice to contact us.