Android Malware on Google Play Installed Over 620,000 Times


A recently discovered Android subscription malware called ‘Fleckpe’ has surfaced on Google Play Store. This insidious malware disguises itself as an authentic application and has already been downloaded by more than 620,000 users into downloading it.

According to Kaspersky, Fleckpe is the latest addition to the notorious malware family that illegitimately charges users by enrolling them in premium services. 

This new malware has joined the ranks of other malicious Android programs, including Jocker and Harly, which exploit unsuspecting victims for financial gain.

Unauthorized subscriptions generate revenue for threat actors, who earn a portion of premium services’ monthly or one-time subscription fees.

Android Malware on Google Play Installed Over 620,000 Times

Malware on Google Play

Moreover, the cybersecurity experts at Kaspersky Lab asserted that the malware has been operating since last year, but its detection and documentation only occurred recently.

The victims of Fleckpe malware are mainly from the following countries:-

  • Thailand
  • Malaysia
  • Indonesia
  • Singapore
  • Poland

An obfuscated native library comprising a malicious dropper loads upon execution of the app, and this native library from the app assets decrypts and runs a payload.

Android Malware on Google Play Installed Over 620,000 Times
Payload

The payload establishes a connection with the C&C server of the threat actors, transmitting crucial device information, including MCC and MNC. 

These details can potentially unveil the victim’s carrier and country of origin. A paid subscription page is displayed in response to the C&C server’s request.

The Trojan operates by triggering an invisible web browser, and then it opens a particular webpage with the intention of subscribing the user to a service.

If the process requires a confirmation code, the malware retrieves it from the device’s notifications.

Android Malware on Google Play Installed Over 620,000 Times
Notifications

Malicious Apps

Here below, we have mentioned the malicious apps’ package names under which they are distributed:-

  • com.impressionism.prozs.app
  • com.picture.pictureframe
  • com.beauty.slimming.pro
  • com.beauty.camera.plus.photoeditor
  • com.microclip.vodeoeditor
  • com.gif.camera.editor
  • com.apps.camera.photos
  • com.toolbox.photoeditor
  • com.hd.h4ks.wallpaper
  • com.draw.graffiti
  • com.urox.opixe.nightcamreapro

All the identified malicious applications have been removed from the Google Play Store. 

But, there is the possibility that the threat actors might have released additional malicious apps that are not yet discovered.

Security analysts recommend caution while downloading and installing applications, even from trusted sources like Google Play. Users should be mindful of the permissions they grant to the apps and avoid providing access to unnecessary data.

Moreover, they also recommended installing a reputed antivirus to detect and protect against this type of Trojan to mitigate such infections and financial losses.

Building Your Malware Defense Strategy – Download Free E-Book

EHA



Source link