fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Android Malware Infects Wannabe Netflix Thieves Via WhatsApp

Android Malware Infects Wannabe Netflix Thieves Via WhatsApp

Newly discovered Android malware found on Google’s Play Store disguised as a Netflix tool is designed to auto-spread to other devices using WhatsApp auto-replies to incoming messages.

Researchers at Check Point Research (CPR) discovered this new malware disguised as an app named FlixOnline and trying to lure potential victims with promises of free access to Netflix content.

CPR researchers responsibly disclosed their research findings to Google who quickly took down and removed the malicious application from the Play Store.

The malicious FlixOnline app was downloaded roughly 500 times throughout the two months it was available for download on the store.

Pushes phishing sites via WhatsApp auto-replies

Once the app is installed on an Android device from the Google Play Store, the malware starts a service that requests overlay, battery optimization ignore, and notification permissions.

After the permissions are granted, the malware will be able to generate overlays over any app windows for credential theft purposes, block the device from shutting down its process to optimize energy consumption, gain access to app notifications, and manage or reply to messages.

It then starts monitoring for new WhatsApp notifications to auto-reply to all incoming messages using custom text payloads received from the command-and-control server and crafted by its operators.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

“The technique here is to hijack the connection to WhatsApp by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager,” said Aviran Hazum, Manager of Mobile Intelligence at Check Point.

“The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags.”

Check Point said that the automatic responses observed in this campaign redirected the victims to a fake Netflix site that tried to harvest their credentials and credit card information.

FlixOnline
Image: Check PointResearch

Malicious replies used for auto-spreading

Using this malware, the attackers could perform various malicious activities, including:

  • Spreading further malware via malicious links
  • Stealing data from users’ WhatsApp accounts
  • Spreading fake or malicious messages to users’ WhatsApp contacts and groups (for example, work-related groups)
  • Extorting users by threatening to send sensitive WhatsApp data or conversations to all of their contacts

This wormable Android malware “highlights that users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups,” Check Point concluded.

“Although CPR helped stop this one malware campaign, we suspect the malware family identified is here to stay, as it may return in different apps on the Play Store.”

Indicators of compromise (IOCs), including malware sample hashes and the C2 server address, are available at the end of Check Point’s report.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

Another Android malware disguised as a System Update discovered by Zimperium researchers on third-party Android app stores provided threat actors with spyware capabilities designed to automatically trigger whenever new info is ready for exfiltration.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us