Fleckpe Infects Over 620K With Subscription Malware Via Google Pay

Yesterday, Kaspersky revealed ‘Fleckpe’, a new global, Android malware disguised as legitimate apps that generates unauthorized charges by subscribing users to premium services. It was discovered that there were over 600,000 downloads of 11 Fleckpe trojan apps impersonating image editors, photo libraries, premium wallpapers, and more on Google Play.

Upon installation, the malicious app requests access to notification content needed to capture subscription confirmation codes on various premium services. It then decodes a hidden payload which is then executed all while the app maintains promised usability, evading suspicions.

All 11 apps have been removed from the marketplace but there is concern that others have been deployed and yet to be undiscovered. Those who have installed the bad apps to obviously remove them and run an AV scan cleanse any hidden malicious code remaining.

Roy Akerman, Co-Founder & CEO, Rezonate had this comment:

   “Rogue apps that find their way to app stores present a real risk since users have complete trust that those are safe and verified. For the past several years there has been an increase in mobile threats from  dedicated malware at the application and device level, mostly part for financial gain as in the case of Fleckpe, but in many cases for the purpose of bypassing traditional MFA of SMS OTP. Google and Apple have and still are investing a lot to further strengthen their testing of new applications, yet as consumers we should all still remain warry of new applications before downloading.”

This illustrates why you need to be careful with the apps that you install, and what permissions you give them. Otherwise, you might be in for a lot of trouble.

Leave a Reply

%d bloggers like this: