Fleckpe malware uses Android applications to infect targets

May 31, 2023

The Fleckpe malware is an Android subscription malware app available on Google Play. Based on reports, the Android malware has been downloaded more than 600,000 times.

The researcher explained that threat actors earn revenue from unauthorised subscriptions, such as those made by this Android malware, by receiving a share of the one-time subscription or the monthly fees generated through a premium service. However, an attacker could keep the total earnings if they operate their own services.

The Fleckpe malware has infected most of its targets from Southeast Asia.

Most of the Fleckpe malware victims came from Southeast Asian nations like Singapore, Thailand, Malaysia, and Indonesia. However, a few infections also occurred in other parts of the globe.

A recent tally showed that 11 Fleckpe trojan applications impersonate app tools like image editors, photo libraries, and premium wallpapers.

Researchers explained that, upon installation, the malicious app requests access to notification content so that it can capture subscription confirmation codes for premium services. Next, the attack process decodes a hidden payload containing malicious code, which executes after the Fleckpe app launches.

The payload is responsible for contacting the threat actors’ C2 server to send primary data about the infected device, including the device’s MNC (Mobile Network Code) and MCC (Mobile Country Code). The command-and-control server then responds with a website address, which the trojan opens in an invisible web browser window to subscribe the infected target to a premium service.

However, if the app requests confirmation, the malware retrieves the code from the device’s notifications. The process then submits the stolen code to finalise the subscription.

Furthermore, the latest malware version has moved most of the subscription code from the payload to the default library. This change leaves the payload responsible for intercepting notifications and displaying web pages. The malware developers have also included a layer of obfuscation in the latest version.

Cybersecurity experts advise users to only download apps from trusted developers and be vigilant about the requested permissions of an app during installation to avoid infections from these malicious applications.
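The permission check advised above can also be automated when vetting apps. The following is an added example, not code from the article or the researchers: it audits a decoded AndroidManifest.xml for a notification listener service, the access the article says Fleckpe requests. The sample manifest, package name and service name are constructed, and a text manifest (for example, one decoded with apktool) is assumed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NLS_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
NLS_ACTION = "android.service.notification.NotificationListenerService"
INTERNET = "android.permission.INTERNET"

# Constructed sample: decoded manifest of a hypothetical wallpaper app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Premium Wallpapers">
    <activity android:name=".MainActivity"/>
    <service android:name=".sync.NotifService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def audit_manifest(manifest_xml):
    """Return triage findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    listeners = []
    for svc in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        # A notification listener is bound by the system through this
        # permission and advertised through this intent-filter action.
        if svc.get(ANDROID_NS + "permission") == NLS_PERMISSION or NLS_ACTION in actions:
            listeners.append(svc.get(ANDROID_NS + "name"))
    return {
        "package": root.get("package"),
        "notification_listeners": listeners,
        "has_internet": INTERNET in perms,
        # Notification access plus network access in a utility app is the
        # combination that warrants manual review before approval.
        "needs_review": bool(listeners) and INTERNET in perms,
    }


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A `needs_review` result is a triage signal, not a verdict: legitimate apps also use notification listeners, so the finding should be weighed against what the app claims to do.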
