So-called pirated apps have been around for years – and have been Acquired popularity because covid-19 put us all on the couch indefinitely, phone in hand, waiting for a reason (which never comes) to stop streaming.
Well, not all pirated apps take your interests into account when viewing content. Enter “FlixOnline.” Until recently, this app was on Google’s Play Store and promised users the ability to access Netflix for free from anywhere in the world, even if they didn’t have an account. Sounds too good to be true, doesn’t it?
FlixOnline, discovered by security company Check Point ResearchNever really let users binge breaking Bad or what ever. Instead, the researchers found, a self-replicating worm was transmitted to their devices that could potentially be used by hackers in phishing and data theft operations.
According to researchers, the Flix worm malware digs into a phone by abusing its permissions and then uses a victim’s WhatsApp conversations to spread. Once you download it, Flix will prompt you to access a variety of controls on your device. It then hijacks your WhatsApp and uses it to send spam messages to people who send you messages. For example, if your friend sends you “Hey Dude, whaddup”, Flix will secretly automatically reply for you and send you a really subtle advertisement for his fake services:
“2 months of Netflix Premium Free for free For reasons of quarantine (CORONA VIRUS) * VIRUS) * Get 2 months of Netflix Premium Free for 60 days worldwide for 60 days. Get it HERE now ” [insert malicious link].
If your friend who got lost in a confused fog – baffled by the fact that his longtime friend turned into a robotic Netflix shill overnight – happens to click on the link provided, he’ll be taken to a website on who can download the app, and the malware will re-replicate itself. Researchers say the website could easily serve as a way for hackers to steal a victim’s personal information. The truth is, it’s hard to imagine that most people, say, gullible enough to follow this last step, but then “123456” remains a popular password.
In order to, voila! It’s like a moral lesson on the evils of piracy packed into a very, very stupid app – an app that literally does nothing but hijack your conversations with friends and loved ones in order to restore their own stupid, useless existence to bring forth.
Of course, the access that such an app gives means that a bad actor could definitely abuse it to do more than send annoying messages (they could steal your private data and in order to For example, include you in a blackmail scheme). If the messages sent to a victim’s contacts have been changed to anything other than a hacked Netflix ad, or additional malicious links have been added to the hijacked WhatsApp messages, a person can be quite a mess on their hands. So it’s not only an annoying app, it’s also potentially dangerous.
Perhaps worst of all, according to Check Point, Flix sat on the Play Store for about two months and compromised around 500 devices (the app has since been shut down). This is another great example of how Google hasn’t always done an excellent job when it comes to weeding out bad apps that get distributed on their platform.
“The fact that the malware was so easily camouflaged and ultimately bypassed the protection of the Play Store raises some serious red flags,” said Aviran Hazum, manager of mobile intelligence at Check Point. He added that while this specific malware campaign was stopped, the same malware could be redistributed through another fake app. So … be careful out there my pirate friends. Remember: there is no such thing as free content.