FlixOnline

FlixOnline is an Android malware, first detected in early 2021, believed to target users of WhatsApp. FlixOnline primarily spreads via automatic replies to a device’s incoming WhatsApp messages.^[1]

ID: S1103

ⓘ

Type: MALWARE

ⓘ

Platforms: Android

Version: 1.0

Created: 26 January 2024

Last Modified: 19 March 2024

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Mobile	T1517		Access Notifications	FlixOnline requests access to the `NotificationListenerService`, which can allow it to manipulate a device's notifications.^[1]
Mobile	T1624	.001	Event Triggered Execution: Broadcast Receivers	FlixOnline may use the `BOOT_COMPLETED` action to trigger further scripts on boot.^[1]
Mobile	T1643		Generate Traffic from Victim	FlixOnline can automatically send replies to a user’s incoming WhatsApp messages.^[1]
Mobile	T1628	.001	Hide Artifacts: Suppress Application Icon	FlixOnline can hide its application icon.^[1]
Mobile	T1417	.002	Input Capture: GUI Input Capture	FlixOnline requests overlay permissions, which can allow it to create fake Login screens for other apps.^[1]
Mobile	T1409		Stored Application Data	FlixOnline can steal data from a user’s WhatsApp account(s).^[1]

References

Aviran Hazum, Bodgan Melnykov, Israel Wenik. (2021, April 7). New Wormable Android Malware Spreads by Creating Auto-Replies to Messages in WhatsApp. Retrieved January 26, 2024.

FlixOnline

Mobile Layer

Techniques Used

References