The C&C server sends over a paid subscription page that is opened by the trojan in an invisible web browser. Once a user downloads a Fleckpe-infected app onto their smartphone, the trojan loads a heavily obfuscated native library that contains “a malicious dropper that decrypts and runs a payload from the app assets”.įrom here, the payload contacts a command and control ( C&C) server controlled by the hackers behind this campaign to send over a device’s Mobile Country Code (MCC) and Mobile Network Code (MNC), which are used to identify where the victim lives along with their mobile carrier. Secretly signing users up paid subscriptions We'll update this story if more are discovered but in the meantime, you want to make sure that none of the apps above are installed on your smartphone. Keep in mind though that there could be other apps infected with the Fleckpe subscription trojan out there.
0 Comments
Leave a Reply. |