Cybersecurity experts discovered hundreds of fleeceware mobile applications on the Apple Store and Google Play Store tricking thousands of unwitting users into paying unnecessary subscription fees. Security researchers from Avast found over 204 fleeceware apps with nearly a billion downloads. Threat actors reportedly earned around $400 million by spreading fleeceware apps on different app markets.
- Nearly 134 apps were spotted on the iOS platform, with 500 million downloads and projected revenues of $365 million.
- Around 70 fleeceware apps were identified on the Google Play Store, with 500 million downloads and projected revenues of $38.5 million.
- Most fleeceware apps are circulated as astrology, horoscopes, musical instrument apps, QR code/PDF document scanners, cartoon creation, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, video clip editing apps, and slime simulators.
- Users are charged as much as $66 per week, totaling $3,432 per year. Most of the discovered applications charge from $4 to $12 per week, which equates to $208 to $624 per year.
“With nearly a billion downloads and hundreds of millions of dollars in revenue, this model is attracting more developers and there is evidence to suggest several popular existing apps have updated to include the free trial subscription with high recurring fees. Unfortunately, this endeavor can be lucrative even if a small percentage of users fall victim to fleeceware,” Avast said.
What are Fleeceware Apps
“Fleeceware” is a term introduced by SophosLabs in September 2019. The name comes from the apps' defining characteristic: overcharging users for functionality that is widely available in free or low-cost apps. Though these apps do not harm the victims’ devices or data, they trick users into a free trial and later overcharge them through subscriptions.
How Fleeceware Apps work
Typically, fleeceware apps target individuals who are not familiar with subscriptions on mobile devices. The apps charge them even after they’ve deleted the apps from the device.
- Fleeceware apps lure consumers with a promise of a free three-day trial.
- The apps attach a subscription fee that commences at the end of the trial.
- Once the trial is over, the user is charged a recurring high subscription fee, which eventually goes to malicious app developers.
These apps continue to take advantage of consumers and charge their saved cards, even after they have deleted the offending apps. It is also believed that these malicious apps are gaining popularity by advertising on various social media platforms such as Facebook, Instagram, and TikTok.
“Uninstalling the application doesn’t cancel the subscription — as a result, the user is likely to be charged further until they cancel the subscription within their device’s app market settings. There’s also the possibility that users forget to cancel the free trial, resulting in inexpensive fees. Either way, these scams make use of deceptive behavior that relies on the user not being informed about how subscriptions work and draw them into the scheme through a free trial,” Avast added.
Fleeceware App Prevention
Avast researchers recommended several measures to guard against fleeceware apps. These include:
- Be careful with free trials of less than a week
- Read the fine print
- Be skeptical of viral advertisements
- Shop around
- Secure your payments
- Discuss the dangers of fleeceware with your family
What to do if you fall victim to fleeceware apps?
On iOS platform
- Open Settings
- Tap on your name
- Select the Subscription option
- Select the desired subscription that you want to end
- Tap on the cancel subscription option
On Android platform
- Open the Google Play Store
- Check whether you are signed in with the correct Google account
- Select the three-lined menu from the upper right corner
- Select the subscription that you want to cancel
- Tap on the cancel subscription option