A SCAM WhatsApp message claiming to offer a free two-month Netflix subscription has been spreading dangerous malware between Android phones.
This is according to cybersecurity researchers who spotted the ‘wormable malware’ which is disguised as a fake Netflix app.
The fake app was lurking on the Google Play Store and if someone downloaded it then hackers could steal their private data.
According to a Check Point Research, the malware disguises itself as a malicious app called “FlixOnline”.
It’s advertised via WhatsApp messages which encourage you to download the app for “2 Months of Netflix Premium Free Anywhere in the World for 60 days.”
However, once you install it, the malware will try and steal your private information such as login details and credit card numbers.
The malware is also designed to check for incoming WhatsApp messages so it can send an automatic reply telling your friends to download the scam app too.
The Check Point researchers explained: “The app turned out to be a fake service that claims to allow users to view Netflix content from around the world on their mobiles.
“However, instead of allowing the mobile user to view Netflix content, the application is actually designed to monitor a user’s WhatsApp notifications, sending automatic replies to a user’s incoming messages using content that it receives from a remote server.”
The full automated message reads: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE [Bitly link].”
If you receive this message or one similar you should delete it and definitely don’t click on the link or download the app.
It’s thought 500 people fell victim to this scam over the course of two months.
Google has since removed the app but experts think it’s likely a similar scam will occur so Android users should be cautious.
Aviran Hazum, manager of Mobile Intelligence at Check Point, said: “The malware’s technique is fairly new and innovative.
“The technique here is to hijack the connection to WhatsApp by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager.
“The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags.”
Malware like this can take over your phone by requesting specific permissions when you first download the app.
A lot of people agree to permissions without even reading the small print.
The Netflix scam app also contained malware that created fake log-in screens over other apps so victims gave away their login details without releasing.
You should always be wary of what apps you download but if you do accidentally download a dangerous one, delete it immediately and change all your passwords.
WhatsApp – a quick history
Here’s what you need to know…
- WhatsApp was created in 2009 by computer programmers Brian Acton and Jan Koum – former employees of Yahoo
- It’s one of the most popular messaging services in the world
- Koum came up with the name WhatsApp because it sounded like “what’s up”
- After a number of tweaks the app was released with a messaging component in June 2009, with 250,000 active users
- It was originally free but switched to a paid service to avoid growing too fast. Then in 2016, it became free again for all users
- Facebook bought WhatsApp Inc in February 2014 for $19.3billion (£14.64bn)
- The app is particularly popular because all messages are encrypted during transit, shutting out snoopers
- As of 2020, WhatsApp has over 2billion users globally
In other news, TikTok has finally created an automatic captions feature.
Hundreds of OnlyFans accounts have been targeted by hackers who leaked explicit content online, according to cybersecurity experts.
And, Tesco is giving out free iPhones, AirPods and new Samsung phones this week.
Have you spotted any scams on WhatsApp? Let us know in the comments…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk