TRENDING:

Cybercrime , Fraud Management & Cybercrime , Mobile Payments Fraud

Fleckpe Trojan Infects 620K Devices Via Google Play

Now-Removed Apps Have 620K Downloads, Targeting Victims in Thailand Prajeet Nair (@prajeetspeaks) • May 8, 2023    
Fleckpe Trojan Infects 620K Devices Via Google Play

Researchers found Android malware masquerading as a legitimate application available and downloaded over 620,000 times from the Google Play store. The apps have been active since 2022, posing as legitimate photo-editing apps, camera editors and smartphone wallpaper packs.

See Also: The New Rules for Web App and API Security

Researchers found 11 legitimate applications infected with the malware, dubbed Fleckpe by Kaspersky, which have been since taken down.

Upon download, the app loads a complicated native library through a malicious dropper. The dropper executes a payload from the app asset, which sends the infected device's mobile code to a command-and-control server. The server then sends a paid subscription page, which the Trojan opens in an invisible web browser to subscribe the user.

"The subscription Trojans go unnoticed until the user finds they have been charged for services they never intended to buy. This kind of malware often finds its way into the official marketplace for Android apps," according to Dmitry Kalinin of Kaspersky.

The Trojan targeted Thai-speaking users. The majority of the reviewers for the infected apps were from Thailand.

Kaspersky's telemetry also identified victims from Poland, Malaysia, Indonesia and Singapore.

This is not the first time threat actors have used the Google Play store to spread malware. Operators of the banking Trojan SharkBot previously have used Google Play store. Cybersecurity firm Fox-IT uncovered that they were distributing the malware on now-deactivated applications that already have tens of thousands of installations (see: SharkBot Trojan Spread Via Android File Manager Apps).

Another banking Trojan found mimicked the appearance of more than 400 applications, including leading financial and crypto exchange applications, in 16 countries. Research from security intelligence firm Group-IB said the Trojan, dubbed Godfather, reappeared with slightly modified WebSocket functionality after a three-month pause in circulation (see: Godfather Android Banking Trojan Steals Through Mimicry).

How Fleckpe Works

In the latest version, the payload intercepts notifications and "views web pages, acting as a bridge between the native code and the Android components required for purchasing a subscription."

Kaspersky researchers said this update was done to complicate analysis and make the malware difficult to detect with the security tools.

"Growing complexity of the Trojans has allowed them to successfully bypass many anti-malware checks implemented by the marketplaces, remaining undetected for long periods of time," Kalinin said.

Previous
The Role of Regulation in Comprehensive Cybersecurity
Next
Cloud-Based EHR Vendor Notifying 1 Million of Data Breach

About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.