Android malware on Google Play Store apps behind unauthorised subscription charges: Report 

Android malware on the Google Play Store was found impersonating image editing, photo library, and premium wallpaper apps to sign users up for unauthorised subscriptions

May 05, 2023 03:10 pm | Updated 03:14 pm IST

A new Android malware on Google Play was found generating unauthorised charges by subscribing users to premium services. | Photo Credit: Reuters

Fleckpe, a new Android malware installed over 620,000 times from Google Play, was found generating unauthorised charges by subscribing users to premium services. The malware was disguised as legitimate apps and was being spread as part of photo editing apps, smartphone wallpaper packs, and other commonly available apps on the Google Play Store.

The Trojan works by remaining unnoticed, and it is detected only when users notice unauthorised charges for services they never intended to buy, a report from Kaspersky said.

The malware works by loading a malicious native library that runs a program to contact the threat actors and share information about the infected device. This information is used to send back a paid subscription page, which the Trojan fills in inside an invisible web browser page to start the subscription that is used to siphon money. Users, meanwhile, remain unaware that they have been subscribed to a paid service.

Data suggests the Trojan has been active since 2022 and was found in 11 apps on Google Play, which have now been removed. However, threat actors may have deployed other apps that are yet to be detected.

The malware predominantly targeted Thailand, although signs of it being used to target users in Poland, Malaysia, Indonesia, and Singapore were also found.

The malware is the latest addition to the list of similar malware that includes the Joker and Harley families.

Subscription Trojans have gained popularity, with scammers increasingly turning to official marketplaces like Google Play to spread their malware. The growing complexity of these Trojans has allowed them to bypass anti-malware checks by marketplaces and remain undetected for long periods of time, the report said.

How to protect against malware

While protecting against malware distributed through trusted marketplaces can be difficult, users can take steps to improve the security of their devices. Users are advised to be cautious when downloading apps, even those coming from the Google Play Store. Reading the privacy policy and carefully assessing the permissions requested by apps may help identify and avoid malicious apps. It is also recommended not to download apps from unverified publishers or sources.
