A virus for the Android operating system infected more than 620,000 devices before being removed from the Google Play Store. The malware was hidden in at least 11 apps, most focused on image editing and camera features, while in the background it used users’ cellular plan to fraudulently sign up for paid subscription services.
Victims usually only notice the problem when they receive invoices or notice their credit balance being consumed quickly. Meanwhile, on the other side, the crooks used affiliation and redirection links to obtain part of the profits involved in subscriptions to premium services, which could also be operated by the criminals themselves to obtain full amounts of fraud.
While the first contaminations took place in countries such as Indonesia, Malaysia, Thailand, Singapore and Poland, more recent analyzes of the campaign indicate the beginning of a global spread. Kaspersky associated the scams with the Fleckpe malware, a new addition to the list of Android malware focused precisely on this type of crime, which began to circulate at the end of last year but was only fully analyzed and documented now.
The company also released the list of apps involved in the contamination:
- com.impressionism.prozs.app;
- com.picture.pictureframe;
- com.beauty.slimming.pro;
- com.beauty.camera.plus.photoeditor;
- com.microclip.vodeoeditor;
- com.gif.camera.editor;
- com.apps.camera.photos;
- com.toolbox.photoeditor;
- com.hd.h4ks.wallpaper;
- com.draw.graffiti;
- com.urox.opixe.nightcamreapro.
The entire fraudulent signature process took place in the background, without the user noticing. If any type of confirmation or download was needed, Fleckpe was also capable of carrying out the process and intercepting notifications, so that the victim would only realize the fraud when it was too late.
Users remain at risk
While all software has since been removed from the Google Play Store, anyone who downloaded it is still at risk. Therefore, Kaspersky’s recommendation is to uninstall the solutions and perform a security check on Android, with antivirus applications that scan and can ensure that there are no more signs of malware on the device.
If you notice undue charges, the ideal is to contact the operator to try to cancel the subscriptions. It’s also important to be on the lookout for suspicious behavior on your smartphone, such as the appearance of icons or increased battery, mobile connection or processing consumption, which could be signs that erratic activity is happening in the background.
The ideal, still, is always to download applications from safe sources and known developers. Often, an internet search helps to separate legitimate applications from malicious ones, while only official stores should be used for this purpose. Also, pay attention to the requested permissions and always evaluate whether the request has to do with the nature of the installed app.
Source: Kaspersky
