The cybersecurity firm Avast has discovered over 200 new fleeceware applications for iOS and Android on the Apple App Store and the Google Play Store.
So far these apps have been downloaded approximately 1bn times and have accrued over $400m in revenue. While Avast has reported these fleeceware apps for review to both Apple and Google, the company has also put together a full list so that users can be aware of them and avoid downloading them onto their devices.
This new batch of fleeceware apps tries to lure in unsuspecting users with the promise of a free 3-day trial. However, once the trial is over, users are charged a recurring subscription fee even if they have deleted these apps until they cancel the subscription in their device's app subscription settings.
- We've built a list of the best Android antivirus apps available
- Keep your devices virus free with the best malware removal software
- Also check out our roundup of the best firewall
To make matters worse, these fleeceware apps are actively advertised on a variety of major social networks including Facebook, Instagram, Snapchat and even TikTok. One of the apps in question offers a short free trial followed by a $66 per week subscription which could potentially cost a victim $3,432 per year unless they cancel it.
Fleeceware apps
Avast researchers first discovered these new Android fleeceware apps using the company's mobile threat intelligence platform apklab.io. They then expanded their investigation to the Apple App Store where they found even more fleeceware.
Threat analyst at Avast Jakub Vávra provided further insight on the types of apps used in fleeceware campaigns in a blog post, saying:
"The fleeceware applications we've discovered consist predominantly of musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and 'slime simulators'. While the applications generally fulfil their intended purpose, it is unlikely that a user would knowingly want to pay such a significant recurring fee for these applications, especially when there are cheaper or even free alternatives on the market.”
Vávra also noted that a big part of the fleeceware strategy is to target younger consumers on social networks with the promise of 'free installation' or 'free download'. However, by the time their parents notice the weekly payments, the fleeceware may have already cost them significant amounts of money.
To avoid falling victim to fleeceware, Avast recommends that users exercise caution with free trials that last less than a week, be skeptical of viral advertisements for apps, read the small print when installing new apps and secure their payments behind either a strong password or biometric check.
- We've also highlighted the best antivirus
