Kaspersky Lab has discovered 11 Trojan apps in the Google Play Store that offered photo and wallpaper editing for Android devices and issued paid subscriptions to users.
Although the apps performed their intended functions, they also launched a malicious payload that contacted the attacker’s command and control server. The Trojan then sent codes of the country of residence and mobile operator to the server, which responded with a paid subscription page that opened in the background. The malware tried to issue the subscription by intercepting messages with its confirmation without the user’s knowledge.
The Trojans, known as Fleckpe, downloaded around 630,000 times, mainly targeting users in Asia. The code was tied to Thailand, and most application pages had reviews from Thais, although victims from Indonesia, Malaysia, Singapore, and Poland have also been found.
The Trojans were available on Google Play Store under the following names –
- com.impressionism.prozs.app
- com.picture.pictureframe
- com.beauty.slimming.pro
- com.beauty.camera.plus.photoeditor
- com.microclip.vodeoeditor
- com.gif.camera.editor
- com.apps.camera.photos
- com.toolbox.photoeditor
- com.hd.h4ks.wallpaper
- com.draw.graffiti
- com.urox.opixe.nightcamreapro
Although Google has removed all 11 apps from the Play Store, cybersecurity experts warn that hackers may still distribute other unidentified malware. Users are encouraged to exercise caution when installing apps from unknown developers and to only download apps from legitimate app stores such as Google Play.
Users should follow a few simple rules to protect their devices from malicious apps:
- Users should download apps only from official app stores.
- Before installing the application, they should carefully read the reviews of other users and check the application’s rating.
- Users should not give applications access to personal data if it is not required for their work.
By following these rules, users can help protect themselves from malicious apps that may compromise their data.
