Trojan Apps on Google Play Caught Subscribing to Unwanted Paid Services
Antivirus provider Kaspersky has discovered 11 Trojan apps on the Google Play Store that were secretly subscribing to unwanted paid services, and saddling victims with the bill.
The malicious apps, which were downloaded 620,000 times, operated as photo editors and wallpapers, according(Opens in a new window) to Kaspersky. And while the Trojans did offer those functionalities, the apps would also secretly run and decrypt a malicious payload capable of communicating with the hacker’s command and control server.
The malware works by first identifying where the infected phone is based, along with the mobile carrier it uses. The hacker’s command and control server will then return with a page for a paid subscription service, which the Trojan will secretly open in the background through a non-visible web browser window.
The Trojan will then attempt to subscribe to the paid subscription service while intercepting any confirmation information sent to the infected phone via notifications. All the while the user itself has no idea any of this is taking place.
Kaspersky says the Trojans mainly targeted users in Asia, citing the presence of hard-coded mobile country code and network data tied to Thailand. “Thai-speaking users notably dominated the reviews for the infected apps on Google Play. This led us to believe that this particular malware targeted users from Thailand, although our telemetry showed that there had been victims in Poland, Malaysia, Indonesia, and Singapore,” the company added.
Kaspersky has dubbed the malware “Fleckpe.” The good news is that Google Play has since removed the 11 apps. But Kaspersky warns that the hackers may have circulated other unidentified malicious apps to victims.
“Affected users often
Read more on pcmag.com
