PSA: That WhatsApp message of free Netflix isn't really what you think it is

Check Point Research (CPR) is warning of malware on Google Play hidden in a fake application that is capable of spreading itself via users’ WhatsApp messages.

If the user downloaded the fake application that is disguised as a “Netflix” app and unwittingly granted the malware the appropriate permissions, it was capable of responding to incoming messages on behalf of its victims with a link to an offer of “2 Months of Netflix Premium Free Anywhere in the World for 60 days.”

Check Point says that this unique method could have enabled threat actors to distribute phishing attacks, spread false information or steal credentials and data from users’ WhatsApp accounts, and more.

To find out if they've been infected or if you're looking for a possible remedy, Aviran Hazum, Manager of Mobile Intelligence at Check Point Software Technologies said:

If the user has downloaded the app and provided the NotificationListener permission - yes, their devices are infected. Users can also search their installed application list for the indicator of compromise (IOC) supplied in the article, or to install a security solution on their device, like Harmony Mobile, to automatically detect and remove such threats.

While it has been removed from the Play Store, the malware has already been downloaded more than 500 times over the past two months with Check Point warning that although this one campaign of the malware has been stopped, the malware family is likely here to stay and may return hidden in a different app.

This article was first published in Hardware Zone.