Beware of Subscription Malware Fleckpe on Google Play: Over 620,000 Users Infected
A new Android subscription malware named Fleckpe has been discovered on the official Google Play Store. This malware has been found in several Google Play apps that have already been downloaded by more than 620,000 users. The trojan is a subscription-based app that often goes unnoticed by users until they discover they’ve been charged for services they did not purchase. The malware appears in apps that seem normal, like photo editors and wallpaper packs, and is able to sign up users for paid subscriptions without their knowledge. The trojan opens a paid subscription page in an invisible web browser, attempts to subscribe on the user’s behalf, and obtains the confirmation code required to complete the subscription process. Once completed, the victim continues to use the app’s legitimate functionality without their knowledge that they have been subscribed to a paid service.
According to Kaspersky researchers, subscription trojans are becoming increasingly popular with scammers as they are comparatively easy to get onto Google Play and other official Android app stores. The malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs, and was identified in 11 apps on the official app storefront, which have since been taken down. McAfee also reported that HiddenAds adware again targeted Android users by impersonating legit gaming apps like Minecraft, and that around 38 gaming apps are actively distributing the HiddenAds adware, targeting Android users. These applications have even made an appearance on the Google Play Store, tempting even the most official source-dependent gamers to download them.
For added device protection, it is important to confirm that Google Play Protect is activated on your mobile device. This feature performs constant scans on new and previously installed applications to detect any potential malware threats. Additionally, you may consider installing one of the top-rated Android antivirus applications to enhance your security measures. It is also recommended that users should get rid of apps they no longer use anymore and delete any apps for games or social media platforms you no longer use. While not as dangerous as spyware or data-stealing malware, subscription trojans can still incur unauthorized charges, collect sensitive information about the user of the infected device, and potentially serve as entry points for more potent payloads.
0. “Subscription-based Fleckpe trojan in 11 Android apps infects over 620,000 devices” News9 LIVE, 6 May. 2023, https://www.news9live.com/technology/cybersecurity/subscription-based-fleckpe-trojan-in-11-android-apps-infects-over-620000-devices-2128698
1. “Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads” The Hacker News, 5 May. 2023, https://thehackernews.com/2023/05/fleckpe-android-malware-sneaks-onto.html
2. “HiddenAds Adware Target Android Via Minecraft App Clones” Cyber Security News, 1 May. 2023, https://latesthackingnews.com/2023/05/01/hiddenads-adware-target-android-via-minecraft-app-clones/
3. “Google warns Android users to DELETE these 36 apps NOW” Meanwhile in Ireland, 1 May. 2023, https://meanwhileinireland.com/google-warns-android-users-delete-these-apps
4. “Malicious Android apps are secretly signing users up for paid subscriptions — delete these now” Tom's Guide, 5 May. 2023, https://www.tomsguide.com/news/malicious-android-apps-are-signing-users-up-for-paid-subscriptions-delete-these-now
5. “Experts urge Android users to delete a swathe of apps from their phones” Hampshire Live, 7 May. 2023, https://www.hampshirelive.news/news/uk-world-news/experts-urge-android-users-delete-8420779
6. “New Fleckpe Android malware installed 600K times on Google Play” BleepingComputer, 4 May. 2023, https://www.bleepingcomputer.com/news/security/new-fleckpe-android-malware-installed-600k-times-on-google-play/