Check Point Research (CPR) says the malware was hidden in a fake Netflix (opens in new tab) application called FlixOnline on the Google Play Store.
“The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags. Although we stopped one campaign of the malware, the malware family is likely here to stay. The malware may return hidden in a different app,” says Aviran Hazum, Manager of Mobile Intelligence at Check Point.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
>> Click here to start the survey in a new window (opens in new tab)<<
- These are the best encrypted instant messengers (opens in new tab) for Android
- We've also highlighted the best antivirus (opens in new tab) solutions
- Check out our roundup of the best endpoint protection software (opens in new tab)
According to CPR, once installed, the app unleashed the worm-like malware which hijacked connections to WhatsApp in its bid to automatically respond to incoming messages on behalf of its victims. The content of the response was provided by a remote server.
In the couple of months it stayed on the Play Store, the malware infused FlixOnline app was downloaded about 500 times. CPR says it shared its finding with Google and the malicious app was subsequently taken down.
Hazrum however doesn’t expect these types of malware to fizzle out anytime soon, since the threat actors have apparently found a way to break through Play Store’s protections.
As a general principle, Hazrum suggests users to not exclusively rely on Play Store’s protections and be “cautious of links and attachments received over WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups.”
- We’ve rounded up the best Android antivirus apps (opens in new tab)