New Android subscription malware named Fleckpe unearthed on Google Play Store

A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera apps, and smartphone wallpaper packs. The apps have since been taken down.

The operation primarily targets users from Thailand, although telemetry data gathered by the Russian cybersecurity firm has revealed victims in Poland, Malaysia, Indonesia, and Singapore. The apps also deliver the promised functionality to avoid raising red flags, but conceal their real purpose under the hood. This is a serious issue because the malware is not only difficult to detect but also difficult to remove once it has infected your device.

The list of the offending apps is as follows -

"When the app starts, it loads a heavily obfuscated native library containing a malicious dropper that decrypts and runs a payload from the app assets," Kaspersky researcher Dmitry Kalinin said.

The payload, for its part, is designed to contact a remote server and transmit information about the compromised device (e.g., Mobile Country Code and Mobile Network Code), after which the server responds with a paid subscription page. The malware then opens the page in an invisible web browser window and attempts to subscribe on the user's behalf, abusing its permission to access notifications to obtain the confirmation code required to complete the step.

This is a major problem because the malware is not only difficult to detect, but also difficult to remove. If you think you may have downloaded one of these apps, it's important to act quickly and remove the app from your device. You should also run a malware scan on your device to be safe.
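Because the subscription step described above depends on notification access, one quick triage check is to list which user-installed apps hold that access. The following is an added example, not code from Kaspersky or the original article; it assumes the two inputs were captured with `adb shell settings get secure enabled_notification_listeners` and `adb shell pm list packages -3`, and every package name in it is constructed.

```python
# Constructed sample data standing in for real device output:
#   adb shell settings get secure enabled_notification_listeners
#   adb shell pm list packages -3
SAMPLE_LISTENERS = (
    "com.example.vendor.dialer/.notify.Listener:"
    "com.example.wearsync/com.example.wearsync.NotifService:"
    "com.example.photofx/.core.NLService"
)
SAMPLE_THIRD_PARTY = """package:com.example.wearsync
package:com.example.photofx
package:com.example.notes
"""

def parse_listeners(value):
    """Parse the colon-separated component list into {package: [service classes]}."""
    result = {}
    value = value.strip()
    if not value or value == "null":      # `settings get` prints "null" when unset
        return result
    for comp in value.split(":"):
        pkg, sep, cls = comp.strip().partition("/")
        if not sep or not pkg or not cls:
            continue                      # skip malformed entries
        if cls.startswith("."):           # short class names are relative to the package
            cls = pkg + cls
        result.setdefault(pkg, []).append(cls)
    return result

def parse_third_party(pm_output):
    """Return the set of user-installed package names from `pm list packages -3`."""
    prefix = "package:"
    lines = (line.strip() for line in pm_output.splitlines())
    return {line[len(prefix):] for line in lines if line.startswith(prefix)}

def review_candidates(listeners_value, pm_output, expected=frozenset()):
    """User-installed apps with notification access that are not on the expected list."""
    third_party = parse_third_party(pm_output)
    return sorted(
        (pkg, cls)
        for pkg, classes in parse_listeners(listeners_value).items()
        if pkg in third_party and pkg not in expected
        for cls in classes
    )

if __name__ == "__main__":
    # "expected" is a hypothetical allowlist of apps known to need notification access.
    hits = review_candidates(SAMPLE_LISTENERS, SAMPLE_THIRD_PARTY, {"com.example.wearsync"})
    for pkg, cls in hits:
        print(f"review: {pkg} holds notification access via {cls}")
```

A photo editor or wallpaper pack appearing in this output has no functional reason to read notifications and is worth reviewing before any other analysis.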


