This wallet-draining Google Play malware has been installed over half a million times - these are the apps to watch out for

Samsung Galaxy S23 hands on display macro
(Image credit: Future | Alex Walker-Todd)

A newly-detected mobile malware family has been sitting in the Google Play Store and raking up mobile bills for hundreds of thousands of people, new findings have said. 

Cybersecurity researchers from Kaspersky recently discovered Fleckpe, which they say was integrated into at least 11 Android apps that have cumulatively been downloaded roughly 620,000 times.

The apps are mostly image editors, wallpapers, beauty apps, and similar.

Targeting Malaysians and Indonesians

When a victim installs the app, the malware would silently trigger either a one-time, or monthly, subscription, to certain premium services. These premium services could either belong to a third party, with the malware operators getting a cut, or they could belong to the threat actors themselves, allowing them to take the full amount. 

Whatever the case may be, the attackers earned quite the sum, as the researchers found the malware active at least since 2022, although the exact sum is unknown. Most of the victims are located in Thailand, Malaysia, Indonesia, Singapore, and Poland, with a smaller percentage being scattered around the world. 

"All of the apps had been removed from the marketplace by the time our report was published, but the malicious actors might have deployed other, as yet undiscovered, apps, so the real number of installations could be higher," Kaspersky said.

The full list of the malicious apps can be found on this link. Users are advised to uninstall them immediately, and run an antivirus scan to clean up any residual code. 

This type of malware will not ask for a ransom payment, and won’t destroy the data on the endpoint, but it could steal personally identifiable information, and will definitely result in higher charges from the telecoms provider. To prevent such incidents, it’s advised to check the reviews and ratings on the app store before downloading anything.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.