New Android Trojan "Fleckpe" Infecting Devices In Southeast Asia via Google Play

More than 600,000 users in Southeast Asia have been infected by the recently discovered Android malware Fleckpe through Google Play.
Security researchers are warning that two new Android trojans have been observed targeting users in Southeast and East Asia. One of them has amassed hundreds of thousands of installs via Google Play.
According to Russian cyber security company Kaspersky, the first malware family, known as Fleckpe, has been active since 2022 and spreads through malicious applications on Google Play.
Kaspersky found a total of 11 fraudulent apps in the official app store that had been downloaded more than 620,000 times. The malicious apps, which posed as smartphone wallpaper packs, picture editing programmes, and other software, have since been taken down from Google Play.

When Fleckpe is executed on an affected device, a library containing a dropper is loaded. The dropper then fetches and runs a payload designed to connect to the command-and-control (C&C) server and relay data about the infected device.
The malware loads a paid subscription page from the server in a browser window the user cannot see. If a confirmation code is needed to finish the subscription process, the malware uses previously granted access to the notification area to retrieve the code and enter it on the page.
Though Fleckpe appears to have infected devices in Indonesia, Malaysia, Poland, and Singapore in addition to Thailand, most of its victims appear to be in Thailand.
FluHorse, the second recently discovered Trojan, is likewise spread through malicious apps. Unlike Fleckpe, however, these apps reach victims' smartphones via phishing emails, according to cyber security company Check Point.
The malicious FluHorse apps imitate well-known programmes tailored to customers in Taiwan (a toll collection app) and Vietnam (a banking application) that have over 1 million installations on Google Play. Malware imitating a well-known transport application was also observed.
The malware was made to collect two-factor authentication (2FA) codes sent via SMS from victims and collect their credentials before sending them to its operators. The malicious programmes were spread using phishing emails that lured victims into visiting a bogus website and paying fees.
After the malicious application is installed, the victim is prompted to input their credentials and instructed to wait 10 or 15 minutes while the data is confirmed.
During this period, the threat actors attempt illicit transactions with the credentials, and the malware makes use of previously granted permissions to forward any SMS confirmation codes to the attackers.
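Both Fleckpe (reading confirmation codes from the notification area) and FluHorse (forwarding SMS codes) depend on the user having already granted a sensitive permission. The following is an added defender-side check, not code from the article or from Kaspersky or Check Point: it parses the Android secure setting `enabled_notification_listeners` (as printed by `adb shell settings get secure enabled_notification_listeners`) and flags any package holding notification-listener access that is not on an allowlist. The allowlist and the sample setting value are constructed assumptions.

```python
# Added example: flag apps holding notification-listener access on an Android
# device. Such access is what lets a trojan read one-time confirmation codes
# out of the notification shade. Input is the raw value of the secure setting
# `enabled_notification_listeners`: ComponentName strings separated by ':',
# each written as "package/class" (class may be abbreviated to ".Class").
from typing import Dict, List, Set

# Hypothetical allowlist of packages expected to hold listener access on a
# managed device; a real deployment would use its own inventory.
ALLOWLIST: Set[str] = {"com.android.systemui"}

# Constructed sample value: a system listener plus a "wallpaper" app that has
# no legitimate reason to read notifications.
SAMPLE_SETTING = (
    "com.android.systemui/.statusbar.NotificationListener:"
    "com.example.wallpaper/com.example.wallpaper.NotifService"
)


def parse_listeners(setting_value: str) -> List[Dict[str, str]]:
    """Split the setting into (package, fully qualified class) entries."""
    value = setting_value.strip()
    if value in ("", "null"):  # `settings get` prints "null" when unset
        return []
    entries = []
    for item in value.split(":"):
        if not item:
            continue
        pkg, _, cls = item.partition("/")
        if cls.startswith("."):  # expand abbreviated class name
            cls = pkg + cls
        entries.append({"package": pkg, "component": cls})
    return entries


def unexpected_listeners(setting_value: str,
                         allowlist: Set[str] = ALLOWLIST) -> List[str]:
    """Return packages with listener access that are not on the allowlist."""
    pkgs = {e["package"] for e in parse_listeners(setting_value)}
    return sorted(pkgs - allowlist)


if __name__ == "__main__":
    for pkg in unexpected_listeners(SAMPLE_SETTING):
        print("review notification access granted to:", pkg)
```

A flagged package is not proof of infection; it is a prompt to review why that app needs to read notifications and to revoke the grant if there is no good reason.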
The victims of FluHorse have been identified, and according to Check Point, they are a broad group that includes prominent individuals like government workers.