A newly-detected mobile malware family has been sitting in the Google Play Store and raking up mobile bills for hundreds of thousands of people, new findings have said.
Cybersecurity researchers from Kaspersky recently discovered Fleckpe, which they say was integrated into at least 11 Android apps that have cumulatively been downloaded roughly 620,000 times.
The apps are mostly image editors, wallpapers, beauty apps, and similar.
Targeting Malaysians and Indonesians
When a victim installs the app, the malware would silently trigger either a one-time, or monthly, subscription, to certain premium services. These premium services could either belong to a third party, with the malware operators getting a cut, or they could belong to the threat actors themselves, allowing them to take the full amount.
Whatever the case may be, the attackers earned quite the sum, as the researchers found the malware active at least since 2022, although the exact sum is unknown. Most of the victims are located in Thailand, Malaysia, Indonesia, Singapore, and Poland, with a smaller percentage being scattered around the world.
“All of the apps had been removed from the marketplace by the time our report was published, but the malicious actors might have deployed other, as yet undiscovered, apps, so the real number of installations could be higher,” Kaspersky said.
The full list of the malicious apps can be found on this link (opens in new tab). Users are advised to uninstall them immediately, and run an antivirus (opens in new tab) scan to clean up any residual code.
This type of malware will not ask for a ransom payment, and won’t destroy the data on the endpoint, but it could steal personally identifiable information, and will definitely result in higher charges from the telecoms provider. To prevent such incidents, it’s advised to check the reviews and ratings on the app store before downloading anything.
Via: BleepingComputer (opens in new tab)