A recent hack on the Google Play Store resulted in the infection of over 620,000 android devices. The virus, found in at least 11 apps mostly related to image editing and camera features, carried out fraudulent subscriptions to paid subscription services, using users' mobile data without their knowledge.
The damage caused by this virus usually went unnoticed by users until they received invoices with undue charges or noticed a rapid consumption of credits on their devices. Meanwhile, the criminals responsible for the attack benefited from the profits generated by fraudulent subscriptions to premium services.
see more
CAREFUL! These 3 plants can be toxic to your pet
Anti-radar gel: serious infraction or solution? Find out NOW!
They used affiliate links and redirects to get a share of the amounts involved, and in some cases directly controlled these services to get all the profits from the transactions fraudulent.
origin and propagation
Although the first infections occurred in countries such as Indonesia, Malaysia, Thailand, Singapore and Poland, recent analyzes indicate that the virus is spreading globally. Security firm Kaspersky has identified the malware responsible for the attack as Fleckpe, a new addition to the list of Android malware targeted at fraud of this type.
Although it started circulating at the end of last year, Fleckpe has only recently been fully analyzed and documented.
Below is the list of apps involved in the infections:
- com.impressionism.prozs.app
- com.picture.pictureframe
- com.beauty.slimming.pro
- com.beauty.camera.plus.photoeditor
- com.microclip.vodeoeditor
- com.gif.camera.editor
- com.apps.camera.photos
- com.toolbox.photoeditor
- com.hd.h4ks.wallpaper
- com.draw.graffiti
- com.urox.opixe.nightcamreapro
The entire fraudulent enrollment process took place in the background without the user's knowledge. In case any additional confirmation or download was needed, Fleckpe was also able to perform these actions and intercept notifications, making the fraud noticeable only when it was too late too much.
precautionary measures
While all apps have been removed from the Google Play Store, those who have already installed them remain at risk. Therefore, Kaspersky recommends uninstalling these solutions and performing a security check on the Android, through antivirus apps capable of identifying the presence of malware on devices Android.
If undue charges occur, it is important to contact the operator to try to cancel the fraudulent subscriptions.
In addition, it is essential to be aware of suspicious behavior on smartphones, such as the appearance of unknown icons or the sudden increase on battery drain, mobile data usage or excessive processing usage as these can be signs of erratic second activity flat.
To ensure safety, it is highly recommended to download apps only from trusted sources and well-known developers. Conducting an internet search can help distinguish between legitimate and malicious applications.
Furthermore, it is advisable to exclusively use official stores to download applications. It is also important to check the permissions requested by the applications and assess whether they comply with the functionality of the installed application.