FlixOnline Promised Netflix, But Spread Malware

Privacy Cyber Security AH Nov AH 2019

FlixOnline infected Android smartphones by disguising itself as an app bringing free Netflix content. Netflix, with its superb streaming content, is a much-coveted form of entertainment. Hence, people fell for FlixOnline’s offer of free access big time. The app was available on Google Play Store for download, and it promised free access to Netflix from any part of the world.

How did FlixOnline Work?

The malicious FlixOnline app, first reported by Check Point, accessed WhatsApp on smartphones and spread malicious messages to other users through autoreplies, carrying links. Users were prompted to click on the links to access Netflix for free. Thus, FlixOnline hijacked users’ WhatsApp and send spam messages to their contacts.

Recently, a similar malicious campaign surfaced. This time, the malware dubbed as FluBot spread via fake messages send to potential targets. The texts pretended to originate from a delivery company, urging users to track their parcels. Then, similarly to the FlixOnline campaign, the malicious messages would be sent to all contacts in the victims’ phones.


Gullible users had hoped to watch the latest Netflix shows. However, the security firm Check Point found that FlixOnline would leave users vulnerable to hacking and phishing by delivering a self-replicating worm into their devices. After the installation of FlixOnline, a fake login screen would be used to access a user’s login credentials, and it would then monitor the phone’s notifications.

There are three main permissions the app asks for ‘overlay,’ ‘ignore battery optimization,’ and ‘notification.’ The overlay permission is used to fool the user into entering their login credentials into the malicious app. The ignore battery optimization option allowed the app to protect itself from Android’s battery savings. The notification access permission gave FlixOnline access to notifications allowing it to ignore or reply to messages.

How did viewers fall for It?

As soon as the receivers of the auto-reply spam message would click on the given link, they would be directed to a website to download FlixOnline, where the malware would again replicate itself. It has been found that the site was used to steal a victim’s personal information.


The access gained by this app meant that it could do more than send innocuous messages. A victim’s messages being stolen could leave him vulnerable to extortion through blackmail. Additional malicious links could be sent, putting the viewer in quite a mess. Hence, FlixOnline was always a potentially very dangerous app.

The way viewers fell for FlixOnline highlights how important it is to stay protected online. You should install an anti-virus tool to protect your device from malware and phishing. You should also update it regularly.

Additionally, dangerous or fraudulent apps on Google Play Store are nothing new. For instance, 23 “fleeceware” apps have already attempted to trick people into signing up for questionable subscriptions. Thus, it is important to stay vigilant when downloading apps, even if they are available on Google Play Store.


How do you avoid such apps in the future?

The FlixOnline app required three separate permissions after opening. These are battery optimization, notifications, and screen overlay. Bear in mind that no genuine app ever asks for permission associated with your smartphone. Even if they would, they should be able to justify these requests.

Malicious apps like FlixOnline lure you into their trap by offering you the moon. It’s wise to stay away from offers that appear too good to be true. With people spending more and more time online, one should always remain cautious as malware is likely to acquire new forms and make new victims. You should always exercise caution and avoid clicking on links that appear suspicious. Keep yourself protected by installing anti-virus software. Furthermore, a VPN for Android can do wonders for your security and privacy online. It might prevent snoopers from stealing your information. If you tend to use your smartphone everywhere you go, a VPN is the right tool for you.

The Damage Done

Check Point reveals that the app was available in Google Play Store for around two months. During this period, it infected about 500 devices. While the app has in the meantime been taken down, it remains a reminder that Google Play Store still struggles to detect malicious apps.


The very fact that the app managed to disguise itself and bypass Google Play Store’s protection mechanism does raise serious security worries. While this particular malware was located and taken down, it could still be deployed again as another fake app. Avoid offers that are too good to be true. That’s the wisest way to protect yourself.