Over 600,000 Android users infected with malware on Google Play — delete these apps now

Share

• Copy link
• Facebook
• X
• Reddit
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

Although malicious apps normally try to install malware or adware on your smartphone, a new batch of bad apps has been discovered that's actually signing users up for premium subscription services instead.

According to a new report from the cybersecurity firm Kaspersky, subscription trojans are being added to seemingly harmless Android apps in an attempt to defraud unsuspecting users.

We've seen this before with the infamous Joker and Harly malware, both of which used similar tactics to secretly subscribe users to paid services. This new subscription trojan has been dubbed “Fleckpe” by Kaspersky’s researchers and it's currently being spread through photo editing apps, smartphone wallpaper packs and other utilities for the best Android phones.

According to Kaspersky, this subscription trojan has been active since last year and so far, it has been installed on over 620,000 devices. What makes Fleckpe and other subscription trojans so dangerous though is that you might not even realize your smartphone has been infected and that you’ve been subscribed to a paid service without your knowledge. 

Delete these apps right now

Fortunately, all of the apps listed below have since been removed from the Google Play Store. However, if you have one of them installed on your smartphone, you will need to manually delete it. Here are all of the Fleckpe-infected apps that have been discovered so far:

• Beauty Camera Plus
• Beauty Photo Camera 
• Beauty Slimming Photo Editor
• Fingertip Graffiti 
• GIF Camera Editor 
• HD 4K Wallpaper
• Impressionism Pro Camera
• Microclip Video Editor 
• Night Mode Camera Pro
• Photo Camera Editor
• Photo Effect Editor

Keep in mind though that there could be other apps infected with the Fleckpe subscription trojan out there. We'll update this story if more are discovered but in the meantime, you want to make sure that none of the apps above are installed on your smartphone.

Secretly signing users up paid subscriptions

Once a user downloads a Fleckpe-infected app onto their smartphone, the trojan loads a heavily obfuscated native library that contains “a malicious dropper that decrypts and runs a payload from the app assets”.

From here, the payload contacts a command and control (C&C) server controlled by the hackers behind this campaign to send over a device’s Mobile Country Code (MCC) and Mobile Network Code (MNC), which are used to identify where the victim lives along with their mobile carrier.

The C&C server sends over a paid subscription page that is opened by the trojan in an invisible web browser. It then tries to sign the user up for a paid subscription which requires a confirmation code. As Fleckpe-infected apps ask for permission to access a user’s notifications, the trojan is able to get this confirmation code and enter it to confirm the subscription.

All of this occurs in the background and for the end user whose device is infected, the apps themselves work as they normally should to avoid giving away the trojan’s presence.

How to stay safe from malicious apps

Subscription trojans have become increasingly popular with scammers as they are comparatively easy to get onto Google Play and other official Android app stores. This is why you always need to be cautious when installing new apps.

Even if an app has a high rating and a lot of downloads, as was the case here, it could still be malicious. This is why you want to avoid installing unnecessary apps onto your devices. Before installing any new app, ask yourself first if you really need it. Paid apps are much less likely to be malicious when compared to free ones, so paying a few dollars here and there can help keep you safe.

To protect your devices further, you should ensure that Google Play Protect is enabled on your smartphone as it continually scans both new and existing apps for malware. At the same time, you may also want to install one of the best Android antivirus apps for additional protection.

In a statement to Tom's Guide, a Google spokesperson provided further details on how the search giant handles malicious apps like the ones detailed above, saying:

 "When we find apps that violate our policies, we take appropriate action. Users are also protected by Google Play Protect, which can warn users or block identified malicious apps on Android devices.”

Subscription trojans likely aren’t going anywhere anytime soon though as they can be quite profitable for scammers since most users fail to discover unwanted subscriptions right away. This is why you should regularly check for subscriptions on the Play Store by tapping your profile icon and heading to the Payments & subscriptions tab. Here you’ll find all of your subscriptions along with any you might have been subscribed to against your will.

More from Tom's Guide

• 35 million Android users hit with adware — delete these apps now
• Daam Android malware can hold your phone hostage
• Gmail adds blue checkmarks to fight phishing and scammers