So-called piracy apps have been around for years – and they have probably gained popularity ever since covid-19 has put us all on the couch indefinitely, phone in hand, waiting for a reason (that never comes) to stop streaming.
Well, not all piracy apps have your content viewing interests in mind. Allow me to give an example: it’s called ‘FlixOnline’. Until recently, this app was on the Google Play Store and promised users the ability to get free mobile access to Netflix anywhere in the world, even if they didn’t have an account. Sounds too good to be true, right?
Yes, exactly.
FlixOnline, discovered by security company Check Point Research, never really let users binge Breaking Bad or whatever. Instead, the researchers say, it delivered a self-replicating worm on their devices, which could potentially be used by hackers in phishing and data theft operations.
According to researchers, Flix’s wormable malware gets into a phone by abusing its permissions and then uses a victim’s WhatsApp conversations to spread itself. Once you download it, Flix will ask for access to various controls of your device. It then hijacks your WhatsApp and uses it to send spam messages to people who message you. For example, if your friend sends you “Hey dude, whaddup”, Flix will secretly automatically reply for you, sending him a, uh, very subtle ad for his fake services:
“2 months free Netflix Premium free to REASON OF QUARANTAINE (CORONA VIRUS) * VIRUS) * Get 2 months free Netflix Premium anywhere in the world for 60 days. Download it HERE now ” [insert malicious link]
G / O Media can receive a commission
If your friend, lost in a confused fog – baffled by the fact that their friend has been transformed overnight into a robotic Netflix shill for years – happens to click on the link provided, they will be redirected to a website where they can download the app, and the malware will replicate itself again. Researchers say the site can easily serve as a way for hackers to steal a victim’s personal information. In reality, it’s hard to imagine that most people, say, gullible enough to follow that last step, but again, “123456” remains a popular password.
So, voila! It’s like a moral lesson about the ailments of piracy packed into a very, very stupid app – an app that does literally nothing except hijack your conversations with friends and loved ones to recreate its own foolish, useless existence.
Of course, the access provided by such an app means that a bad actor can certainly take advantagee it to do more than send nasty messages (such as stealing your private information and thereby trapping you in an extortion scheme, possiblyAdditionally, if the messages sent to a victim’s contacts have been changed to something other than a hacky Netflix ad, or if additional malicious links were added to the hijacked WhatsApp messages, a person could be in quite a mess . So it is not only an annoying app, but also potentially dangerous.
Perhaps the worst thing here is that Flix has been on the Play Store for about two months and compromised about 500 devices, according to Check Point (the app has since been removed). It’s another great example of how Google hasn’t always done a great job when it comes to getting rid of bad apps distributed on its platform.
“The fact that the malware could be so easily disguised and eventually bypassed Play Store protections raises serious red flags,” said Aviran Hazum, mobile intelligence manager at Check Point. He added that while this particular malware campaign was being halted, the same malware could be redeployed through another bogus app. So … be careful out there, my pirate friends. Remember: there is no such thing as free content.