Android users have been urged to delete ‘malicious’ apps from their phones that have been secretly signing them up for paid subscriptions.
Security firm Kaspersky found 11 apps on the Google Play Store with snazzy designs and logos that are actually a devious new type of malware, called Fleckpe.
The apps, which are mostly related to photo and video editing, have names including Photo Effect Editor and Beauty Slimming Photo Editor.
While they’ve now been removed from Google Play, they have already been installed on more than 620,000 devices worldwide and been used to take users’ money without permission.
Although Apple devices are unaffected because they use a different app store, the tech giant recently had to issue a security update of its own.
The apps, which are mostly related to photo and video editing, have names including Photo Effect Editor and Beauty Slimming Photo Editor
According to Kaspersky, this particular new type of malware is being distributed as a Trojan – a type of seemingly innocuous software that later reveals its malicious intent.
DELETE these Android apps from your device
It has provided a list of the 11 apps’ package names – the code that uniquely identifies each one on devices and the Google Play store.
Anyone with the 11 apps installed on their phone or tablet should delete them without delay, because they sign users up to a paid subscription option without their knowledge.
‘Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first,’ said Dmitry Kalinin, developer at Kaspersky, in a report.
‘Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged for services they never intended to buy.
‘This kind of malware often finds its way into the official marketplace for Android apps.
‘Our latest discovery, which we call “Fleckpe”, also spreads via Google Play as part of photo editing apps, smartphone wallpaper packs and so on.’
Kaspersky thinks this particular malware has targeted users from Thailand, although there have also been victims in Poland, Malaysia, Indonesia and Singapore.
Security firm Kaspersky found eleven Fleckpe-infected apps on Google Play that have been installed on more than 620,000 devices
Kaspersky has provided a list of the apps’ package names – the code that uniquely identifies each one on devices and the Google Play store
Data suggests the Fleckpe malware has been active since 2022, and although the apps have since been removed from Google Play, they will still be present on thousands of Android devices.
MailOnline has contacted Google for comment.
‘All of the apps had been removed from the marketplace by the time our report was published,’ Kalinin said.
‘But the malicious actors might have deployed other, as yet undiscovered, apps, so the real number of installations could be higher.’
The expert described how each of the apps secretly installs a payload that is able to open a paid subscription page in an ‘invisible’ web browser.
The Trojan opens the page in this browser and attempts to subscribe on the user’s behalf without them knowing.
‘The victim proceeds to use the app’s legitimate functionality – for example, installs wallpapers or edits photos, unaware of the fact that they are being subscribed to a paid service,’ Kalinin said.
In recent years, subscription Trojans like these have only gained in popularity with scammers, the expert concluded.
‘Their operators have increasingly turned to official marketplaces like Google Play to spread their malware,’ he said.
‘Growing complexity of the Trojans has allowed them to successfully bypass many anti-malware checks implemented by the marketplaces, remaining undetected for long periods of time.’
Malware – a catch-all term for any type of malicious software – has been used to steal data, spy on citizens and attack national infrastructure (file photo)
‘Affected users often fail to discover the unwanted subscriptions right away, let alone find out how they happened in the first place.
‘All this makes subscription Trojans a reliable source of illegal income in the eyes of cybercriminals.’
Kalinin said Android users should ‘be cautious with apps’ even though they look legitimate and are on Google Play.
Users should also avoid giving permissions to apps that they ‘should not have’ and install an antivirus product capable of detecting this type of Trojans.
Some of these apps can even look legitimate but may have been hijacked so that they can be modified to steal private information.
According to another security firm called MalwareFox, cyber criminals can download apps from Google’s store and manipulate them.
Last year, Google warned that a type of spyware – software that steals information from a device – was used by the Italian and Kazakhstani governments to spy on private messages.
Google warns of SPYWARE being used by foreign governments to hack into Apple and Android phones and snoop on citizens’ activities
Google warned of spyware being used by foreign governments to hack into Apple and Android phones and snoop on users’ activities.
The ‘spyware’ – software that steals information from a device – was created by Milan-based company RCS Lab, Google and security firm Lookout said.
RCS Lab spyware has allegedly been used by the Italian and Kazakhstani governments to spy on private messages and contacts stored on their citizens’ smartphones.
RCS Lab is an example of a ‘lawful intercept’ company that claims to only sell to customers with legitimate use for surveillance, such as intelligence and law enforcement agencies.
But in reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials, security experts say.
It’s thought RCS Lab’s spyware, nicknamed ‘Hermit’, is distributed via SMS messages that appear to come from legitimate sources.