New Android malware known as “Fleckpe” subscribes users to premium services without their knowledge, with hackers receiving a share of the fee through the unauthorized monthly or one-time subscriptions.
Reported by Kaspersky, the new family of Trojan subscribers trick users into downloading the Android apps found on the official Google Play Store by being disguised as legitimate apps. Cybersecurity experts found 11 apps infected with Fleckpe and are claimed to have been downloaded more than 620,000 times.
The Fleckpe malware is said to have been active since 2022, targeting users in Thailand, Poland, Malaysia, Indonesia and Singapore. However, the apps could also infect users from around the globe.
Here’s a list of the apps known to be infected with Fleckpe.
|Name of apps||Status|
Kaspersky notes that “all of the apps had been removed from the marketplace.” However, the cybersecurity company also states that threat actors could have deployed more Fleckpe-infected apps, so there could be a higher number of installations.
Once the Fleckpe app launches, it runs a payload from assets by loading a obfuscated library containing malicious code. The payload contacts the attacker’s command and control (C2) server to send information about the device, with the C2 responding with a website address containing the Trojan. It opens a hidden web browser and then subscribes the unsuspecting victim to a serivce.
The apps themselves work as normal for the user, which varies from 4K wallpapers, picture editors and more. This isn’t the first time a subcription-based malware has infiltrated the Google Play Store, as other notable Android malware include Joker and Harly. Whatever the case, you’ll want to make sure you never encounter this kind of malware by getting one of the best antivirus software.
How to remove Fleckpe malware on Android
While the malicious apps have now been removed from Google Play, more undiscovered Android apps with the Fleckpe malware could be around. If you have any of the apps above or experience any suspicious behaviour from an app, you should get rid of the app safely.
Here’s a way to get rid of dangerous apps on your Android device safely. For more ways, check out our guide on how to remove malware on Android.
Safely remove an app on Android
- On your Android, press the necessary buttons to turn off your device.
- Tap and hold the Power off icon.
- Press OK to reboot to safe mode. This will restart your device.
- Once restarted, head to Settings.
- Navigate to Apps.
- Select any suspicious apps you wish to remove.
- Tap Uninstall. Restart your device to go back to normal mode.
Clear cache on Android
Clearing your browser and app cache on your Android device will help minimize the effects of malware. Apps and browsers store your online activities, and malicious software like adware can use this to cause more harm. Clearing cache can also help clear up space on your Android, boosting the device’s performance.
- To clear app cache, head to Settings on your Android.
- Select Storage and choose Apps.
- Select an app.
- Tap Clear cache.
Many Android owners use Google Chrome as their default browser. Here’s how to clear cache in Chrome on Android.
- On your Android, open Chrome.
- Tap the three vertical dots in the upper-right corner.
- Select Settings.
- Tap Privacy and security.
- Select Clear browsing data.
- To just clear cache, uncheck Browsing history and Cookies and site data.
- Tap Clear data.
Use antivirus software to protect your device
Simply put, the best way to get rid of malware is to use the best antivirus software.
There are many free malware removal apps that will dispatch malicious software on your device, but it’s a good idea to make sure these tools are trustworthy, as hackers can also disguise these apps on the Google Play Store to deploy even more malware.
The best antivirus apps come with a suite of security features that can get rid of virus, malware, ransomware, spyware or any malicious software that burrows into your Android. Some antivirus software, such as Bitdefender, offers security subscriptions specifically for Android, making it a more cost-effective option for those that only need Android protection.
We also recommend free apps from known cybersecurity companies, including Avast One, AVG and Malwarebytes Mobile Security. These will detect and remove malware on your Android. Check out our thoughts on each antivirus below.