• 1 week ago

Hellish new WhatsApp attack is stealing credit card details from your friends and family
SMARTPHONE owners have been placed on red alert by security researchers from Check Point over a new breed of malware discovered in the Google Play Store. And those who are tricked by this new attack will soon find their WhatsApp chats sabotaged by hackers. Here’s what you need to know…. and how to stop the attack.
By Aaron Brown
PUBLISHED: 11:00, Wed, Apr 7, 2021 | UPDATED: 11:02, Wed, Apr 7, 2021
Comment section
Share on Facebook
Share on Twitter
Share on LinkedIn
Share on Pinterest
Copy link

WhatsApp Hellish New Attack Malware Google Play Store UK Android Check Point Update
Your WhatsApp chats will be sabotaged to try to steal credit card details for hackers (Image: GETTY • WHATSAPP )
Sign up for FREE for the biggest new releases, reviews and tech hacks

When you subscribe we will use the information you provide to send you these newsletters. Sometimes they’ll include recommendations for other related newsletters or services we offer. Our Privacy Notice explains more about how we use your data, and your rights. You can unsubscribe at any time.

A new breed of Android malware has been discovered hiding in the Google Play Store – and it’s designed to sabotage your WhatsApp chats. Security researchers at Check Point uncovered the dangerous new malware, which spreads itself by sending malicious links to your WhatsApp contacts – from family members to close friends and group chats. Anyone who taps on the link sent from your WhatsApp account will be taken to a fake Netflix site designed to steal login details for your Netflix account or credit card details.
Related articles

Millions have ditched WhatsApp, was Facebook’s CEO one of them?
Tesco is adding free iPhones and AirPods into some customer’s shopping

The malware was unearthed inside an app called FlixOnline, which promises unlimited TV show and movie streaming. When discovered by the Check Point team, FlixOnline was available as a free download from the Google Play Store, which is the preinstalled app repository found on almost all Android smartphones and tablets (except the most recent handsets from Huawei, which uses the App Gallery instead).

FlixOnline uses Netflix’s iconic “N” logo as well as artwork from Stranger Things and other Netflix exclusive shows to try to tempt Android smartphone and tablet owners into downloading the app.

Android users unfortunate enough to download FlixOnline will be asked to grant a dizzying number of permissions. This is pretty standard for all third-party Android apps downloaded from the Play Store, so might not raise any alarm bells. However, the permissions requested by FlixOnline are specifically to enable this malware-laced app to continue spreading using your WhatsApp conversations.

WhatsApp ends one of the biggest nightmares when switching from iPhone

WhatsApp Hellish New Attack Malware Google Play Store UK Android Check Point Update
FlixOnline tried to tempt Play Store customers by promising free access to Netflix shows (Image: CHECK POINT • GOOGLE PLAY)

Anyone who grants the permissions allows the application to reply to all incoming text messages in WhatsApp with a link to a fraudulent Netflix site. To tempt people into clicking, the message alongside the link promises two months of free Netflix because of the ongoing coronavirus pandemic. An example of the sort of message sent with the dangerous link reads: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS) Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE”

If the person clicks on the link they will either be asked to sign-in with their existing Netflix login (allowing the hackers to steal their email address and password combo – potentially unlocking dozens more of their online accounts) or, if they don’t already have an account, create a new one. If they decide to create a Netflix account when prompted, the hackers will steal their credit or debit card information. Either way, it’s really bad.

With the FlixOnline malware replying to every incoming messages, individual conversations and group chats could be quickly filled with these malicious links… especially if you’re not paying attention.

Security experts from Check Point have already reported the dangerous malware to Google, which has stripped the app from the Play Store. That’s great news as it means nobody else can download the app. However, Google doesn’t remove the apps already installed on Android devices across the world.

All-new Amazon Fire TV Stick service promises to be the last app you’ll ever need
All-new Amazon Fire TV Stick service promises to be the last app you’ll ever need
More Samsung TV owners offered a swathe of free content and that’s not all
More Samsung TV owners offered a swathe of free content and that’s not all
Microsoft set to fix everything that’s wrong with your Windows 10 PC
Microsoft set to fix everything that’s wrong with your Windows 10 PC

So, if you’ve recently downloaded the app, you’ll need to remove its permissions and delete it from your device immediately.

Since the malware seems to have been pretty effective, Check Point researchers believe that FlixOnline will set a trend that numerous apps will copy. That means anyone downloading from the Google Play Store will need to be more cautious than ever before. Check Point recommends users only download apps from trusted developers, always keep their devices running the latest operating system updates, and use a security solution to watch out for malware.

Aviran Hazum, Manager of Mobile Intelligence at Check Point Software said: “The malware’s technique is new and innovative, aiming to hijack users’ WhatsApp account by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags. Although we stopped one campaign using this malware, the malware may return hidden in a different app.

WhatsApp Hellish New Attack Malware Google Play Store UK Android Check Point Update
FlixOnline requests a number of features – it’s this that enables it to text your WhatsApp contacts (Image: CHECK POINT)

Amazon planning the ULTIMATE SALE, but we’ve got bad news

“The Play Store’s protections can only go so far, so mobile users need a mobile security solution. Luckily, we detected the malware early, and we quickly disclosed it to Google – who also acted quickly. Users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups. If you think you’re a victim, we recommend immediately removing the application from devices, and changing all passwords.”

Over the course of two months, the FlixOnline app was downloaded approximately 500 times. As well as keeping Google in the loop, Check Point shared its research findings with WhatsApp, though there is no vulnerability on WhatsApp’s end. Instead, the malware uses the ability to reply to text messages from the notification shade.
The Express UK