So-called pirate apps have been around for years – and they have probably gained popularity since COVID-19 put us all on the couch indefinitely, phone in hand, waiting for a reason (which never comes) to stop streaming.
Well, not all pirate apps have your content-viewing interests at heart. Allow me to give an example: it’s called “FlixOnline.” Until recently, this app sat in the Google Play Store, promising users free mobile access to Netflix from anywhere in the world, even if they did not have an account. Sounds too good to be true, doesn’t it?
Yes, well, exactly.
FlixOnline, discovered by the security company Check Point Research, never let users binge Breaking Bad or whatever. Instead, the researchers say it delivered self-replicating malware – a worm – to their devices, a foothold that could potentially be used by attackers for phishing and data theft.
According to the researchers, the malware gets its grip on a phone through the permissions it asks for, and then uses the victim’s WhatsApp conversations to spread. As soon as you install it, Flix requests access to a number of the device’s controls. It then hijacks WhatsApp and uses it to send spam to people who message you. For example, if your friend sends you “Hello guy, whaddup,” Flix will secretly and automatically reply to them on your behalf with an, uh, very subtle ad for its fake service:
“2 months of Netflix Premium for free. REASON FOR THE QUARANTINE (CORONA VIRUS)* Get 2 months of Netflix Premium for free anywhere in the world for 60 days. Get it now HERE ” [insert malicious link].
If your friend, lost in a confused fog – confused by the fact that their friend of many years has turned into a robot Netflix shill overnight – accidentally clicks on the link provided, they will be sent to a website where they can download the app, and the malicious software replicates again. Researchers say the site could easily serve as a way for attackers to steal the victim’s personal information. In truth, it’s hard to imagine that most people are, let’s say, gullible enough to follow that last step, but then again, “123456” remains a popular password.
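The chain above (ask for broad permissions, read incoming chat notifications, answer them with a link, repeat on the next phone) leaves a footprint in the app’s manifest before it ever runs. What follows is an added example, not code from this article or from Check Point: a small Python triage script that flags the Android permission pattern an auto-replying notification hijacker needs. It assumes such a sample declares a service bound with android.permission.BIND_NOTIFICATION_LISTENER_SERVICE and requests the overlay and battery-optimisation-exemption permissions; the two manifests, the package names and the class names below are constructed for the example.

```python
"""Triage a decoded AndroidManifest.xml for the permission pattern that lets
an app read and answer chat notifications on the user's behalf.

Added example for this article; not code from the page or from Check Point.
Run it against the AndroidManifest.xml produced by `apktool d`, or any
decoded manifest string.  The two manifests at the bottom are constructed.
"""
import xml.etree.ElementTree as ET

# ElementTree keys namespaced attributes as "{uri}name".
ANDROID = "{http://schemas.android.com/apk/res/android}"

# A <service> protected by this permission is a NotificationListenerService:
# once the user grants "notification access" it receives every notification
# on the device and can fire a messaging app's inline-reply action, which is
# all an auto-reply spreader needs.
NOTIFICATION_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Escalators assumed (not taken from the article) to accompany the listener:
# drawing over other apps (fake login screens, hiding its own UI) and staying
# resident regardless of battery saving.
ESCALATORS = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
}


def triage_manifest(manifest_xml: str) -> dict:
    """Score one manifest: HIGH = listener service plus an escalator,
    MEDIUM = listener service only, LOW = no listener service."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    listeners = [
        s.get(ANDROID + "name")
        for s in root.iter("service")
        if s.get(ANDROID + "permission") == NOTIFICATION_LISTENER
    ]
    escalators = sorted(requested & ESCALATORS)
    if listeners and escalators:
        risk = "HIGH"
    elif listeners:
        risk = "MEDIUM"
    else:
        risk = "LOW"
    return {
        "package": root.get("package"),
        "notification_listeners": listeners,
        "escalators": escalators,
        "risk": risk,
    }


# Constructed manifest in the shape of a notification-hijacking "free
# streaming" app.  Package and class names are hypothetical.
SUSPECT_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freeflix">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Free Flix">
    <service android:name=".NotifService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed benign manifest for comparison: an ordinary video player.
BENIGN_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Player">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for manifest in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(manifest))
```

Notification access is also used legitimately by smartwatch companions, car head units and automation tools, so a MEDIUM or HIGH score is a reason to pull the APK apart and look at what the listener does with the messages it receives, not a verdict on its own. The reverse check is the useful one for a user: an app that promises free Netflix and asks for notification access or permission to draw over other apps has no honest reason to want either.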
So, voila! It’s like a moral lesson about piracy, wrapped in a very, very stupid app – an app that literally does nothing but hijack your conversations with friends and loved ones in order to reproduce its own stupid, useless existence.
The access an app like this obtains obviously means that a bad actor can abuse it for far more than sending annoying messages: the same access that lets it read and answer your chats lets it read everything in them, which is how people end up with their private information stolen and, potentially, a blackmail scheme on their hands. Additionally, if the messages sent to a victim’s contacts were changed to something other than a hacky Netflix ad, or if further malicious links were added to the hijacked WhatsApp messages, a person could have quite a mess to deal with. So it’s not only an annoying app, but potentially a dangerous one as well.
Perhaps the worst thing here is that Flix sat in the Play Store for about two months and compromised around 500 devices, according to Check Point (the app has since been taken down). This is another great example of how Google has not always done a fantastic job of weeding out bad apps that are distributed on the platform.
“The fact that malware was able to disguise itself so easily and eventually circumvent Play Store protection raises some serious red flags,” said Aviran Hazum, head of mobile intelligence at Check Point. He added that while this specific malware campaign was stopped, the same malware could be redistributed via another fake app. So … be careful out there, my pirate friends. Remember: There is no such thing as free content.