Kaspersky Lab researchers have identified several Google Play apps that were infected with the Fleckpe Trojan. This malware quietly subscribes users to paid services and siphons funds from mobile accounts, all while staying hidden from the user and passing itself off as legitimate software.
According to findings from Kaspersky Lab, roughly 630,000 people downloaded these compromised apps. The apps functioned normally, but they secretly pulled in additional code from a remote server that turned them into Trojans. When the device connected to this server, it sent the country code and received a link to a page that initiated a paid subscription.
The subscriptions were activated in the background, without any notification to the user. The first warning came only after several charges appeared on the user’s expense report, sometimes after the money had already left the account.
Google has since removed the infected apps from the Play Store, and users who installed them are advised to review recent transactions, revoke any suspicious permissions, and cancel any suspicious subscriptions.
As reported earlier by socialbites.ca, this incident follows a broader pattern of attackers finding ways to eavesdrop on devices and harvest data, affecting other popular products as well.
For users in North America, including Canada and the United States, staying vigilant about app permissions, reviewing device activity, and installing apps only from trusted sources remains essential to reducing risk from hidden Trojans like Fleckpe.