So-called piracy applications have been around for years, and they have probably gained popularity since the covid-19 put us all indefinitely on the couch, phone in hand, waiting for a reason (which never comes) to stop transmitting.
Well, not all pirated apps take your content viewing interests into account. Let me give you an example: it’s called “FlixOnline”. Until recently, this app was in the Google Play Store, promising users the opportunity to get free mobile access to Netflix from anywhere in the world, even if they didn’t have an account. Sounds too good to be true, right?
Yes, well, exactly.
FlixOnline, discovered by the security company Check Point Research, never let users feel bold Breaking Bad or whatever. Instead, the researchers say, it delivered a self-replicating worm to its devices, which could be used by hackers in fishing operations and data theft.
According to investigators, Flix’s malware is dumped on a phone abusing its permissions and then uses a victim’s WhatsApp conversations to spread. As soon as you download it, Flix asks you for access to various controls on your device. It then hijacks your WhatsApp and uses it to send spam to people who send you messages. For example, if your friend sends you “Hey dude, whaddup”, Flix will automatically reply to you in secret, sending them a really subtle ad of their fake services:
“2 months of free Netflix Premium at no cost due to quarantine (CROWN VIRUS) * VIRUS) * Get 2 months of free Netflix Premium anywhere in the world for 60 days. Get it now HERE” [insert malicious link].
G / O Media may receive a commission
If your friend, lost in a confused fog, baffled by the fact that his many-year-old friend has turned into a robotic Netflix shit overnight, click on the link provided, will be directed to a website where application can be downloaded and the malicious software is replicated again. Investigators say the site could easily be used so that hackers could steal the victim’s personal information. In fact, it’s hard to imagine that most people are, say, credulity enough to follow this last step, but again, “123456” roman a popular password.
Tan, voila! It’s like a moral lesson about the evils of piracy, packaged in a very, very stupid app – an app that literally does nothing but hijack your conversations with friends and loved ones to regenerate your own useless existence.
Of course, access provided by an app like this means that a bad actor could definitely abuse itdo more than send annoying messages (like stealing your private information and therefore getting caught in a potentially extortion scheme)). Also, if the messages sent to the victim’s contacts were modified to something other than a hacky Netflix ad or additional malicious links were added to the hijacked WhatsApp messages, a person could have a mess at hands. Therefore, it is not only an annoying application, but potentially dangerous.
Perhaps the worst thing here is that Flix remained in the Play Store for about two months, compromising about 500 devices, according to Check Point (the app has since been withdrawn). It’s another great example of how Google hasn’t always done an amazing job of removing poorly distributed apps on its platform.
“The fact that malicious software could be disguised so easily and ultimately avoid Play Store protections causes serious red flags,” said Aviran Hazum, Check Point’s mobile intelligence manager. He added that while this specific malware campaign was stopped, the same malware could be redeployed using a different fake application. So … be careful, pirate friends. Remember: there is no free content.