"Google Play Witnessed 600K Installations of New Android Malware Fleckpe"

Fleckpe, a new Android subscription malware, has been downloaded over 620,000 times. According to researchers, Fleckpe is now among other infamous Android spyware, such as Jocker and Harly, that enrolls users in premium services to generate illegal payments. Threat actors profit from illicit subscriptions by receiving a portion of the premium services' monthly or one-time membership payments. Most of Fleckpe's victims are in Thailand, Malaysia, Indonesia, Singapore, and Poland. Eleven Fleckpe Trojan apps masquerading as image editors, photo libraries, and premium wallpapers were discovered on Google Play. The malicious apps demand access to notification content in order to get subscription confirmation codes for various premium services. When a Fleckpe app is launched, a payload containing malicious code is decoded and executed. This payload sends the Mobile Country Code (MCC) and Mobile Network Code (MNC) of the newly infected device, along with other basic information, to the threat actor's command-and-control (C2) server. Then, in an unnoticed web browser window, the malware visits the URL supplied by the C2 and registers the victim for a premium service. If a confirmation code is needed to finalize the subscription, the malware will retrieve it from the device's notifications and insert it on the hidden screen. The app provides users with the advertised functionality while concealing malicious intent and reducing the likelihood of suspicion. This article continues to discuss findings regarding the new Android subscription malware Fleckpe. 

CyberIntelMag reports "Google Play Witnessed 600K Installations of New Android Malware Fleckpe"