Kaspersky intercepted malicious applications that stole secret user subscriptions in the background, which typically offered some photo or video editing capabilities. Although these capabilities were typically fulfilled, the problematic parts of the applications ran unnoticed in the background.
Despite the recent discovery of malicious apps, security researchers have already uncovered new dangerous Android applications that have been downloaded approximately 620,000 times. The current incident involves a malware called Fleckpe, which specifically targets users to extract money from them.
Following Kaspersky’s discovery, Bleeping Computer reports that Fleckpe is a relatively new malware that generates unauthorized costs for the user by subscribing them to premium services. Fleckpe is not alone in this; Jocker and Harly malware also operate on a similar principle.
Kaspersky has identified 11 apps that pretended to be photo editors and premium wallpaper apps but were actually Trojans. According to Kaspersky, these Trojans may have been active since last year, but they were only discovered and documented now.
Kaspersky has also made public the 11 names under which Fleckpe operated its malicious applications. Although these are package names, it can be deduced from them what their exact names might have been, and in some cases, even the installation files can be obtained from unofficial sources on the Internet. However, it is not recommended to obtain them from such sources. The names of the applications have been noted in parentheses:
- com.impressionism.prozs.app (Impressionism Pro Camera)
- com.picture.pictureframe (Photo Effect Editor)
- com.beauty.slimming.pro (Beauty Slimming Photo Editor)
- com.beauty.camera.plus.photoeditor (Beauty Camera Plus Photo Editor)
- com.microclip.vodeoeditor (Microclip Video Editor)
- com.gif.camera.editor (GIF Camera Editor)
- com.apps.camera.photos (Beauty Photo Camera)
- com.toolbox.photoeditor (ToolBox Photo Editor)
- com.hd.h4ks.wallpaper (HD 4K Wallpaper)
- com.draw.graffiti (Fingertip Graffiti)
- com.urox.opixe.nightcamreapro (Night Mode Camera Pro)
The good news is that all of these malicious applications have now been removed from the Play Store. However, it is possible that malicious parties have since published other undiscovered apps, so the number of victims could be higher than the reported 620,000.
If any of the above names sound familiar, and you cannot find them in the Play Store, it is better to delete them from your device immediately and then perform a virus scan. The problem with Fleckpe’s malicious apps is that they request access to notifications after installation, and although this may not seem dangerous, it is usually necessary for a subscription to be confirmed by the user.
Once the Fleckpe malware is installed, it immediately contacts the control center of the malware’s distributor and starts the subscription process in the background without the user’s knowledge. The permission for notifications is necessary for the user to enter a confirmation code. As soon as the user receives the notification, the program that has access to the notifications enters the code in the browser window running in the background, allowing the subscription to start.
The lesson to be learned here is that users should only download applications from verified and known developers to avoid falling victim to malicious applications like Fleckpe.