The malware could send further malicious content via automated replies to incoming WhatsApp messages.
The researchers found the malware hidden in an app called “FlixOnline” which is a fake service that claims to allow users to view Netflix content from around the world on their mobile.
“However, instead of allowing the mobile user to view Netflix content, the application is actually designed to monitor the user’s WhatsApp notifications, and to send automatic replies to the user’s incoming messages using content that it receives from a remote command and control (C&C) server,” stated CPR.
The malware sends this message to its victims, and lures them with an offer of a free Netflix service: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.”