In what is becoming a recurring ritual, Google has removed a scammy Android malware app from the Google Play Store. This time, the offending culprit is FlixOnline, a malware app that roped people in by pretending to offer them free Netflix access. Its banishment from the Play Store is great, but the onus is on you to remove it from your device if you were suckered into downloading it at any point.
While most Lifehacker readers were probably smart enough to avoid the app’s promise—two months of free Netflix for absolutely nothing!—I can see that pitch totally working on many people who, stricken with a case of pandemic carelessness, simply were seeking something else to do during quarantine. Well, spoiler: There is no easy way to get Netflix for free (not even from Netflix itself).
If you installed the FlixOnline app in the hopes that you’d get to stream The Queen’s Gambit at no cost, you were mistaken. Instead, by granting the app “Overlay,” “ Battery Optimization Ignore,” and “Notification” permissions, you gave it everything it needed to do to serve up fake login overlays across legitimate apps, run forever, and access (or reply to) all of your device’s notifications. And if you have WhatsApp installed, the situation gets even worse, as Check Point Research describes:
“Check Point Research (CPR) recently discovered malware on Google Play hidden in a fake application that is capable of spreading itself via users’ WhatsApp messages. If the user downloaded the fake application and unwittingly granted the malware the appropriate permissions, the malware is capable of automatically replying to victim’s’ incoming WhatsApp messages with a payload received from a command-and-control (C&C) server. This unique method could have enabled threat actors to distribute phishing attacks, spread false information or steal credentials and data from users’ WhatsApp accounts, and more.”
You probably remember if you installed the FlixOnline app or not—you would have likely done it within the last few months. If you have, and you’ve run it, it might not appear in your app drawer as a result of its ability to hide its own icon. Instead, visit your device’s equivalent of Settings > Apps & Notifications > App info to remove it (your Android’s specific path may differ).
You’ll also want to change the passwords for all the apps and services you use on your device, just in case. That’s especially true if you’ve had to log in (or re-log in) to any of your apps or services in the time since you installed FlixOnline. Finally, use this as a teachable moment and focus on improving your security habits going forward. If something sounds too good to be true, it probably is; if you’re not sure, a quick web search is usually all you need to do to figure out whether an app is legitimate or incredibly suspicious.