A new strain of malware has appeared on the Play Store disguised as a legitimate app and has received over 620,000 downloads. Called “Fleckpe”, it generates unauthorized charges when subscribing users to premium services. Expert information suggests that the malicious program has been active since 2022, but it was only recently discovered and documented.
By tricking users into signing up for unauthorized services, the malware has already made quite a profit for scammers. They receive a portion of the money either monthly or all at once, depending on the subscription type. However, if the criminals operate the platforms themselves, they manage to get 100% of the payment.
Kaspersky professionals reported that most of the victims are residents of Malaysia, Indonesia, Thailand, Singapore and Poland. There are people who fell for the scam around the world, but these situations were on a smaller scale.
In addition, the internet security company disclosed that it discovered 11 types of Fleckpe. They disguise themselves as image editing applications, wallpapers, image library, among others. Some of the names of these malicious programs are:
Apps have been removed, for now
In the report released in kaspersky pagethe professionals say that all the Fleckpe malicious programs they found are no longer present in the Google Play Store, but it is worth keeping an eye on:
All apps were removed from the digital store when our report was published, but criminal actors may have deployed other as yet undiscovered software, so the actual number of installs could be higher.
According to the cybersecurity company, the malware works as soon as the user activates the app. It loads a “heavily obfuscated native library containing a malicious dropper that decrypts and executes a payload of application assets”.
Fleckpe then contacts the scammers’ command and control servers and sends data from the device, which includes the mobile area code and mobile network code. Finally, the malicious software opens an invisible browser window to sign up the victim.
Apparently, this type of virus is becoming quite popular in the eyes of cybercriminals. Its operators are using official marketplaces like the Play Store and the App Store to spread content and make new victims.
Kaspersky suggests common measures to avoid falling for scams:
To avoid infection and the consequent financial loss, we recommend being careful with apps, even those coming from Google Play, avoiding giving permissions that they shouldn’t have and installing an antivirus capable of detecting this type of trojan.
With information: Bleeping Computer.