Copyright laws protect apps to retain their brand name and logo and prevent other apps from using it. Any infringement of this law or in simpler terms, copying the visual data without appropriate permission can lead to serious trouble and that is why one would want to do it. But what if the application was created with malicious intent then would the Copyright laws be followed? How would a normal user identify a fake app from a legitimate one if the brand name and the logo are the same?
A recent discovery at Check Point Research Centre helped to identify a malware application available on Google Play Store which used the branding of one of the most popular apps Netflix. This app, labelled as FLIXONLINE was available for Android devices and used the logo of the popular streaming app known as Netflix. By using the same logo, Flixonline was able to lure many users to download the app with a promise of showcasing Netflix content from all over the world.
So what could Flixonline do on your device? Well, first this program after being downloaded asks users for a lot of permissions that are generally not required for a video streaming app. Next, this app can automatically send replies to all the incoming messages of WhatsApp. With access to your WhatsApp, this app can spread information that is not correct and steal your credentials and data that you might have shared over this Instant Messenger Service.
One of the messages identified by the Check Point Research was as follows: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONAVIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE.”
A click on “HERE” would have resulted in further issues like:
- Spreading of malicious messages on your WhatsApp groups.
- Infecting and Spreading the Malware further on your device.
- Grab all the user data from your account.
- And finally, it could also lead to extortion where the users could be threatened by the Sensitive content that could be sent to their WhatsApp contacts.
The Good News, of course, is that Google pulled out this app from its Play Store immediately after being notified by Check Point Research. However, this app was available online for more than 2 months where it had gathered at least 500 installs. It is important to note that if Google Play Store removes an app from the Play Store it does not automatically get removed from your phone too. This has to be done by the user him/herself.
There have been many such instances in the past where malicious apps have found their way on the Google Play Store to create havoc and mischief on Android devices. This can include stealing your bank accounts, changing your credentials, and misusing your personal information. There is no science as of now to detect if an app is malicious one or not but there is always logic which states that “Be extra cautious while downloading/installing free applications” and if I may add something, “users must start reading and writing comments about an app” to help the community as a whole.
For more details on how Flixonline used to operate on a smartphone, click here