These scammy apps fool users into spending upwards of hundreds of dollars per month
Our team has identified a wave of malicious mobile applications in the Google Play Store targeting gamers, particularly fans of the popular Minecraft video game. These so-called “fleeceware” applications offer new skins, colorful wallpapers, or modifications for the game, but disproportionately charge users hundreds of dollars per month. Avast has reported seven of these apps to Google, but as of this publication, they are all still active.
Fleeceware is a relatively new category of cybercrime that offers users an attractive service, usually for a short free trial period of a few days. After that, the application will automatically and subtly begin charging excessive costs, up to $30 per week. Fraudsters expect the user to forget about the installed application and its short trial, or fail to notice the real subscription cost. It’s common for reviews to have either a 1- or 5-star review, but nothing in between (typically, the apps have a low-star rating overall).
“Scams of this nature take advantage of those who don’t always read the fine print details of every app they download. In this case, young children are particularly at risk because they may think they are innocently downloading a Minecraft accessory, but not understand or may not pay attention to the details of the service to which they are subscribing,” noted Ondrej David, malware analysis team lead at Avast. “We urge our customers to remain vigilant when downloading any app from unknown developers and to always carefully research user reviews and billing agreements before subscribing.”
If you’ve installed an app that you suspect may be fleeceware, it is not enough to uninstall the app; you must also cancel the subscription directly in the Play Store (Play Store → Menu in the upper left corner → Subscription).
For a full list of fleeceware apps that our team has reported to Google Play, check out our related press release.
In support of the International Day for the Elimination of Violence Against Women, Avast CISO Jaya Baloo describes the increased use of stalkerware during 2020 and the correlation between stalkerware and abusive relationships.
Discover how cybersecurity evolved and what prominent cyberattacks led to innovations in online protection.
Peiter Zatko, also known as the famous hacker “Mudge,” is the new head of security at Twitter, where he plans to bring creative solutions to the social platform’s notoriously poor security and preponderance of misinformation.