In reality, as Check Point Research discovered, its sole purpose is to direct victims to a fake Netflix website to steal their login and payment details.
Having disclosed this to Google, the app was quickly removed, but if it’s installed on your phone, you should remove it immediately.
There’s more to the story though. When the app is installed, it requested extra permissions to allow it to reply automatically to incoming WhatsApp messages.
This means anyone who sends a message will get a reply that says “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE.”
Despite the poor English and lack of any personal touch, the lure of free Netflix could well be enough to persuade some people to click on the link and download the app as well.
Although the app is now gone and antivirus software plus bit.ly’s own link shortening service warning you that the website is dangerous, Check Point Research is confident that the malware will return soon enough hidden in other fake app on the Play Store.
It says the campaign claimed 500 victims in two months.
Aviran Hazum, Manager of Mobile Intelligence at Check Point Software said: “The malware’s technique is new and innovative, aiming to hijack users’ WhatsApp account by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags. Although we stopped one campaign using this malware, the malware may return hidden in a different app.
“The Play Store’s protections can only go so far, so mobile users need a mobile security solution. Luckily, we detected the malware early, and we quickly disclosed it to Google – who also acted quickly. Users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups. If you think you’re a victim, we recommend immediately removing the application from devices, and changing all passwords.”
Though the technique is new, the advice for avoiding these types of scams remains the same: don’t click or tap on links that you’re not certain are safe, even if they’re from close friends or family.
If in doubt, speak to whomever sent the message and ask if they sent it, and why.
You should also install antivirus software on Android devices, alongside Windows, to help protect you from these phishing scams.