Heavy is the head that wears the crown, and for the world's most popular operating system, part of that weight is all of the Android malware threats trying to attack it. Sadly, anything with that many users is potentially lucrative for hackers, so they are always trying new methods for separating the billions of Android users from their hard-earned cash.
A new report from Kaspersky highlighted "Fleckpe," a subscription trojan that infected over 620,000 users via at least 11 different Google Play apps since 2022 (via TechRadar).
The real number could be considerably higher; those were simply the examples that Kaspersky was able to identify.
How does a subscription trojan work?
Subscription trojans are a tricky form of malware that can escape notice by both the anti-malware detection in Google Play and affected users, because they don't do anything obvious like hijacking your phone. Instead, they are content to steal from you in the background and hope you don't notice the subscription charges on your account.
After you download the app and open it for the first time, it runs a payload that contacts the hacker's command-and-control (C&C) server and provides information about your device, including your country and wireless carrier. The trojan then opens a relevant subscription page in an invisible browser and attempts to purchase a subscription. To grab any confirmation code that is generated, it reads your notifications, using the permissions the app asked for when it first ran.
From here, the hacker sits back, collects your money and hopes you don't notice.
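Because the trojan depends on reading confirmation codes from notifications, one practical check is to list which apps hold notification access and compare them with the apps you expect. The script below is an added example, not code from Kaspersky or the original article; it parses the value returned by `adb shell settings get secure enabled_notification_listeners`, and the package names and allowlist in it are constructed for illustration.

```shell
#!/bin/sh
# Audit which apps hold notification access on an Android device.
# Input is the colon-separated component list returned by:
#   adb shell settings get secure enabled_notification_listeners

# Print the unique package names in a listener list.
# Each entry has the form package/component; "null" means the setting is unset.
listener_packages() {
    printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | sed 's|/.*||' \
        | grep -v -e '^$' -e '^null$' | sort -u
}

# Print packages with notification access that are not on the allowlist.
# $1 = listener list, $2 = space-separated package names the owner expects.
unexpected_listeners() {
    for pkg in $(listener_packages "$1"); do
        case " $2 " in
            *" $pkg "*) ;;                 # expected, skip
            *) printf '%s\n' "$pkg" ;;     # not expected, report it
        esac
    done
}

# Constructed sample value; these package names are made up for illustration.
SAMPLE='com.example.watch/com.example.watch.NotifService:com.example.beautycam/com.example.beautycam.Listener:com.example.watch/com.example.watch.Other'
# Assumption: the owner only expects a smartwatch companion app to read notifications.
ALLOW='com.example.watch'

# With a device attached over USB debugging, use the live value instead:
#   SAMPLE=$(adb shell settings get secure enabled_notification_listeners)
unexpected_listeners "$SAMPLE" "$ALLOW"
```

A camera, wallpaper or photo-editing app that shows up in this output is worth a closer look, since the feature it advertises does not need to read your notifications.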
Check your phone for these apps
If you have any of these apps installed on your Android device, you should delete them immediately and check your bank or credit card statements for subscription charges you don't recognize.
- Beauty Camera Plus
- Beauty Photo Camera
- Beauty Slimming Photo Editor
- Fingertip Graffiti
- GIF Camera Editor
- HD 4K Wallpaper
- Impressionism Pro Camera
- Microclip Video Editor
- Night Mode Camera Pro
- Photo Camera Editor
- Photo Effect Editor
How to protect yourself from subscription trojans
While this particular malware would have snuck by the best antivirus apps for your phone, we still recommend downloading and installing one. It will catch a large number of the malware threats out there, and once a threat like this is revealed, it will be added to the antivirus app's list of threats to find and eliminate in the future.
Beyond that, you simply need to be cautious about what apps you install on your Android devices, even if they come from Google Play. Don't install apps with poor ratings or with low download counts. Malware-laden apps with over a million downloads are a rare occurrence, so sticking to popular apps from known developers is one of the best ways to avoid Android malware like this subscription trojan.