Fleckpe, a new Android malware, installed over 620,000 times on Google Play, was found generating unauthorised charges by subscribing users to premium services. The malware was disguised as legitimate apps and was being spread as part of photo editing apps, smartphone wallpapers packs, and other commonly available apps on the Google Play Store.
The Trojan malware works by remaining unnoticed, and it is only when users detect unauthorised charges for services, they never intended to buy that it is detected, a report from Kaspersky said.
The malware works by loading a malicious native library that runs a program to contact the threat actors while sharing information about the infected device. The information is used to send a paid subscription page that is filled by the Trojan in an invisible web browser page to start the subscription, which is used to siphon money. Users, meanwhile, remain unaware they have been subscribed to a paid service.
Data suggests the trojan has been active since 2022, and was found in 11 apps on Google Play, that have now been removed. However, threat actors may have deployed other apps which are yet to be detected.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
The malware predominantly targeted Thailand, although signs of it being used to target users in Poland, Malaysia, Indonesia, and Singapore were also found.
The malware is the latest addition to the list of similar maliciously crafted malware that includes the Joker and Harley family.
Subscription Trojans have gained popularity with scammers increasingly turning to official marketplaces like Google Play to spread their malware. The growing complexity of these Trojans has allowed them to successfully bypass anti-malware checks by marketplaces and remain undetected for long periods of time, the report said.
How to protect against malware
While protecting against malware, distributed through trusted marketplaces, can be difficult users can take steps to improve the security of their devices. Users are advised to be cautious when downloading apps, even those coming from Google Play Store. Reading the privacy policy and carefully assessing the permissions requested by apps may help identify and avoid malicious apps. It is also recommended to not download apps from unverified publishers or sources.
COMMents
SHARE