Beware of the Fleckpe Trojan, a Virus that Forces Paid Subscriptions

iwanrj.com – Jakarta – Kaspersky researchers have discovered a new trojan called Fleckpe that targets Google Play users, this virus makes users follow paid subscriptions by force.

Based on the official information received Telsetthis Fleckpe trojan has spread to devices through photo editor and wallpaper services, then makes users subscribe to paid services without being aware of it directly.

During this time, malicious apps have been uploaded to the Google Play Store which may seem benign at first but are actually dangerous. Among these is subscription malware with some malware quite complicated.

This virus often escapes user monitoring, until finally the victim has been billed for services that are not followed.

READ ALSO:

This type of malware often finds its way into the official market for Android apps. 2 new examples are the newly discovered family of Jocker and Harly. This new invention discovered by Kaspersky is spreading on Google Play under the guise of a photo editor, wallpaper pack and other applications. In fact users are unknowingly subscribing to paid services.

Kaspersky data shows that the virus has been active since 2022, and the company’s researchers found that at least 11 applications were infected with Fleckpe, and were installed on more than 620,000 devices. Although, currently the app has been removed from the official platform but there is a possibility that bad actors continue to spread it.

This means the actual number of installs tends to be higher. An application containing Fleckpe looks genuine, but in fact contains a malicious dropper that works to decrypt and execute the payload of the application’s assets.

This payload establishes a connection with the attacker’s command and control server and transmits key information from the device.

These important information like country and operator details, after that paid subscription page is also available. The subscription-forced Fleckpe Trojan then surreptitiously launches a browser and attempts a paid subscription on behalf of the user from the stolen information.

Worse, if the subscription process requires a confirmation code, the malware will access the device’s notifications to get a confirmation code.

Thus, this virus will set up paid services on the device without the user’s consent, resulting in financial loss for the user.

On the other hand, the functionality of the application remains unaffected, and users can continue to edit photos or set wallpapers without realizing that they have been charged for a service.

Kaspersky telemetry has shown that the malware targets users in Thailand, although victims have also been found in Indonesia, Malaysia, Singapore and Poland. Darling.

READ ALSO:

Dmitry Kalinin Kaspersky Security Researcher said this type of virus is increasingly populer. And because of its populerity it allows viruses to successfully pass many anti-malware checks implemented by official application providers and go undetected for long periods of time.

He also explained that users often don’t notice the existence of unwanted subscriptions quickly and don’t know how this happened. All of these crimes make subscription malware a source of illegal revenue that cybercriminals can rely on. [FY/HBS]