According to the report from Kaspersky, two new Android trojans have been discovered recently, posing a threat to users in Southeast Asia and East Asia. One of these trojans, named Fleckpe, has been circulating since 2022 and has amassed hundreds of thousands of installations through Google Play. Kaspersky has identified 11 malicious applications on the official app store, with over 620,000 installations in total. These apps masqueraded as photo editing utilities, smartphone wallpaper kits, and similar software but have now been removed from Google Play.
Fleckpe loads a library on the infected device, which includes a dropper. This dropper retrieves and executes the payload to establish a connection with the Command and Control (C&C) server and sends information about the infected device. When the server responds with a paid subscription page, the trojan loads that page in an invisible browser window. If the subscription process requires a verification code, the malicious software leverages the previously requested notification access permission to retrieve it and input it into the page to complete the subscription process.
The majority of Fleckpe’s victims appear to be in Thailand, but this malicious software has also spread to devices in other countries such as Indonesia, Malaysia, Poland, and Singapore.
The second newly discovered malicious software is named FluHorse, and it is also distributed through malicious applications. However, according to the cybersecurity company Check Point, these applications differ from Fleckpe in that they use phishing emails to reach the victims’ devices.