Android users have been urged to remove “malicious” apps from their phones that secretly signed them up for paid plans.
Security firm Kaspersky found 11 apps in the Google Play Store with snazzy designs and logos that are actually a crafty new type of malware called Fleckpe.
The apps, mostly related to photo and video editing, have names like Photo Effect Editor and Beauty Slimming Photo Editor.
Although they have now been removed from Google Play, they have already been installed on more than 620,000 devices worldwide and used to take money from users without permission.
While Apple devices are unaffected because they use a different app store, the tech giant recently had to release a security update of its own.
According to Kaspersky, this particular new type of malware is distributed as a Trojan horse — a type of seemingly harmless software that later reveals its malicious intent.
UNINSTALL these Android apps from your device
– com.photo.photo frame
– com.beauty.camera.plus.photo editor
– com.toolbox.photo editor
Kaspersky has provided a list of the 11 apps’ package names – the identifier that uniquely identifies each app on devices and in the Google Play Store.
Anyone who has installed the 11 apps on their phone or tablet should uninstall them immediately as they sign users up for a paid subscription option without their knowledge.
“Occasionally someone comes across malicious apps on Google Play that seem harmless at first glance,” said Dmitry Kalinin, a developer at Kaspersky, in a report.
Some of the most troublesome of these are subscription Trojans, which often go undetected until the user discovers that they have been charged for services they never intended to buy.
“This kind of malware often finds its way into the official marketplace for Android apps.
“Our latest discovery, which we call ‘Fleckpe’, is also spreading through Google Play as part of photo editing apps, smartphone wallpaper packs, and so on.”
Kaspersky believes this particular malware is targeting users from Thailand, although victims have also been reported in Poland, Malaysia, Indonesia and Singapore.
Data suggests that the Fleckpe malware has been active since 2022, and while the apps have since been removed from Google Play, they will still be present on thousands of Android devices.
MailOnline has contacted Google for comment.
“All apps had been removed from the market by the time our report was published,” Kalinin said.
“But the malicious actors may have deployed other undiscovered apps, so the actual number of installs may be higher.”
The expert described how each of the apps secretly installs a payload that can open a paid subscription page in an “invisible” web browser.
The Trojan opens the page in this browser and attempts to subscribe on behalf of the user without their knowledge.
“The victim continues to use the app’s legitimate functionality, such as installing wallpapers or editing photos, without knowing that they have subscribed to a paid service,” Kalinin said.
Trojans like this have only become more popular with scammers in recent years, the expert concluded.
“Their operators are increasingly turning to official marketplaces like Google Play to distribute their malware,” he said.
“The increasing complexity of the Trojans has allowed them to successfully bypass many of the anti-malware checks implemented by the marketplaces and remain undetected for a long time.”
Affected users often don’t discover the unwanted subscriptions right away, let alone find out how they originated in the first place.
“All this makes subscription Trojans a reliable source of illegal revenue in the eyes of cybercriminals.”
Kalinin said Android users “should be careful with apps,” even if they look legitimate and are on Google Play.
Users should also avoid giving apps permissions they ‘shouldn’t have’ and install an anti-virus product that can detect this type of Trojan.
Some of these apps may even look legitimate, but may have been hijacked so that they can be modified to steal private information.
According to another security company called MalwareFox, cybercriminals can download apps from the Google Store and manipulate them.
Last year, Google warned that a form of spyware — software that steals information from a device — was being used by the Italian and Kazakh governments to spy on private messages.
Google warned of spyware used by foreign governments to hack into Apple and Android phones and spy on users’ activities.
The “spyware” — software that steals information from a device — was created by Milan-based company RCS Lab, according to Google and security firm Lookout.
RCS Lab spyware was allegedly used by the Italian and Kazakh governments to spy on private messages and contacts on their citizens’ smartphones.
RCS Lab is an example of a “legal intercept company” that claims to sell only to clients with a legitimate use for surveillance tools, such as intelligence and law enforcement agencies.
But in reality, such tools have often been misused under the guise of national security to spy on business leaders, human rights activists, journalists, academics and government officials, security experts say.
Nicknamed “Hermit,” RCS Lab’s spyware is believed to be distributed via text messages that appear to come from legitimate sources.