11th April 2021, Kathmandu
A fake application on google play, claiming to allow users to view Netflix content from all over the world, was spreading malware through WhatsApp messages, according to researchers from Check Point Research.
When a user downloads the fake application from the Play Store, the malware requests certain permissions for specific reasons. For instance, ‘Overlay’ lets the malicious application create new windows on top of other applications.
This is usually requested by malware to create a fake “Login” screen for other apps, with the aim of stealing the victim’s credentials.
If all permissions are granted, the malware displays a landing page it receives from the C&C server and immediately hides its icon so the malware can’t be easily removed.