The cybersecurity firm Kaspersky has discovered a new Android subscription malware on Google Play, the official Android app store. The new malware has been given the name Fleckpe and is the newest addition to the realm of malware that generates unauthorized charges by subscribing users to premium services.
How is the new malware being spread?
Fleckpe is a subscription trojan that is spreading via Google Play as part of photo editing apps and smartphone wallpaper packs. What's worse is that even though this malware was just discovered, it's now known to have been actively spreading for a year and has already infected more than 620,000 devices.
How does it sign people up for paid subscriptions?
Once you have downloaded an app on your Android that has been infected with Fleckpe, the app will have access to your notifications, where a confirmation code can be found.
A malicious code will begin to run on your device, and that will contact the hackers through a command and control server. The hackers will then send over your device’s Mobile Country Code and Mobile Network Code, which are used to figure out where you live along with your mobile carrier.
Once they have this information, the hacker will then send a paid subscription page that is opened in an invisible browser by the trojan. It then signs you up for a paid subscription using the code it got once it was granted access to your notifications. This confirms the subscription, all while being invisible to you, as the app itself works completely normally.
What apps should I delete?
If you have any of the apps listed below on your Android, you should delete them immediately. These have all been infected with the Fleckpe malware, and the Google Play Store has removed them from the platform.
Beauty Camera Plus
Beauty Photo Camera
Beauty Slimming Photo Editor
Fingertip Graffiti
GIF Camera Editor
HD 4K Wallpaper
Impressionism Pro Camera
Microclip Video Editor
Night Mode Camera Pro
Photo Camera Editor
Photo Effect Editor
How else can I keep myself safe from these malicious apps?
Although these apps have been discovered and removed from the Google Play store, you should still be cautious because you never know what apps out there could get infected with malware. Here are some of my tips for avoiding getting malware on your Android.
Double-check the reviews
To avoid malware infection and subsequent financial loss, we recommend you always make sure that the apps you're downloading are from a legit source. For Android users, you should always be downloading apps from the Google Play Store, and remember to check the reviews on the app before downloading. If it looks like the app has a ton of negative reviews or very few reviews at all, then it is best to avoid downloading that app.
Make sure your devices, operating systems, and apps are up-to-date
Always keep your devices, operating systems, and apps up to date. You should always make sure that you have the latest software version available. These updates have stronger security features, so the newer the software, the better protected your Android will be.
Here's how to check if you need to update your Android:
Open your Settings app
Near the bottom, tap Software update
Then tap Download and install
You'll see your update status. Follow any steps on the screen
Here's how to check if you need to update your Android apps:
Open the Google Play Store app
At the top right, tap the profile icon
Tap Manage apps & device. Apps with an update available are labeled Update available
Tap Update
Note: settings may vary depending on your Android phone's manufacturer.
Have good antivirus software on all your devices
This story is also another reminder to always have good antivirus software running on your devices, as malicious apps can be found on any platform, even if it is a legit one like the Google Play Store. Having antivirus software on your devices will help detect this type of trojan on an app you may have downloaded that may not have been removed yet from the Google Play Store.
Final thoughts
With the unnerving discovery of this latest subscription malware on Google Play called Fleckpe, it is crucial to only download apps from legitimate sources and double-check reviews, keep your devices, operating systems, and apps up-to-date, and have reliable antivirus software on all your devices.
Fox News