Kaspersky, a cybersecurity company, recently discovered a new Android subscription malware named ‘Fleckpe’ on Google Play, the official Android app store. Fleckpe generates unauthorized charges by subscribing users to premium services and has been downloaded over 620,000 times.
Malware like Fleckpe, Jocker, and Harly makes money for threat actors, who receive a share of the monthly or one-time subscription fees generated through the premium services. The Trojan has been active since last year but was only recently discovered by Kaspersky.
Most victims of Fleckpe reside in Thailand, Malaysia, Indonesia, Singapore, and Poland, but a smaller number of infections are found globally.
Kaspersky found 11 Fleckpe trojan apps impersonating image editors, photo libraries, premium wallpapers, and more on Google Play. The apps had been removed from the marketplace by the time the report was published.
Android users who have previously installed the apps are advised to remove them immediately and run an AV scan to uproot any remnants of malicious code still hidden in the device.
When a Fleckpe app launches, it decodes a hidden payload that contains malicious code, which is then executed.
The payload is responsible for contacting the threat actor’s command and control (C2) server to send basic information about the newly infected device, including the MCC (Mobile Country Code) and MNC (Mobile Network Code).
In the latest versions of Fleckpe analyzed by Kaspersky, developers have shifted most of the subscription code from the payload to the native library, leaving the payload responsible for intercepting notifications and displaying web pages.
A layer of obfuscation has been incorporated into the most recent payload version to increase Fleckpe’s evasiveness and make it more challenging to analyze.
While not as dangerous as spyware or data-stealing malware, subscription trojans can still incur unauthorized charges, collect sensitive information about the user of the infected device, and potentially serve as entry points for more potent payloads.
Android users are advised to only download apps from trusted sources and developers and pay attention to the requested permissions during installation to protect against these threats.
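Intercepting notifications on Android requires the user to have granted the app notification access, which an image editor or wallpaper app has no obvious need for. The script below is an added example, not code from Kaspersky's report: it cross-references the output of `adb shell settings get secure enabled_notification_listeners` with `adb shell pm list packages -3` to list third-party apps holding that access. All package names and the `expected` allowlist are constructed for illustration.

```python
"""Added example: list third-party apps that hold notification access.

Inputs are the text output of two commands run from a workstation:
  adb shell settings get secure enabled_notification_listeners
  adb shell pm list packages -3
"""


def listener_packages(setting_value):
    """Return the package names in a colon-separated component list."""
    value = setting_value.strip()
    if value in ("", "null"):  # the setting is unset or empty
        return set()
    packages = set()
    for component in value.split(":"):
        component = component.strip()
        if component:
            # A component is "package/class"; only the package matters here.
            packages.add(component.split("/", 1)[0])
    return packages


def third_party_packages(pm_output):
    """Return package names from 'package:<name>' lines."""
    packages = set()
    for line in pm_output.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if line.strip().startswith("package:") and fields:
            packages.add(fields[0])
    return packages


def unexpected_listeners(setting_value, pm_output, expected=()):
    """Third-party apps with notification access that are not in `expected`."""
    flagged = listener_packages(setting_value) & third_party_packages(pm_output)
    return sorted(flagged - set(expected))


# Constructed sample data; every package name below is made up.
SAMPLE_SETTING = (
    "com.example.watchcompanion/com.example.watchcompanion.NotifService:"
    "com.example.photoeffects/.core.Listener:"
    "com.android.systemlistener/.Svc\n"
)
SAMPLE_PM = "package:com.example.watchcompanion\npackage:com.example.photoeffects\npackage:com.example.notes\n"

if __name__ == "__main__":
    for pkg in unexpected_listeners(SAMPLE_SETTING, SAMPLE_PM, expected={"com.example.watchcompanion"}):
        print("review notification access:", pkg)
```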
In conclusion, Fleckpe is a new Android subscription malware that generates unauthorized charges by subscribing users to premium services. It is the newest addition to the realm of malware, joining the ranks of other Android malware such as Jocker and Harly. Kaspersky discovered 11 Fleckpe trojan apps impersonating image editors, photo libraries, premium wallpapers, and more on Google Play.