These scammy apps fool users into spending upwards of hundreds of dollars per month
Our team has identified a wave of malicious mobile applications in the Google Play Store targeting gamers, particularly fans of the popular Minecraft video game. These so-called “fleeceware” applications offer new skins, colorful wallpapers, or modifications for the game, but disproportionately charge users hundreds of dollars per month. Avast has reported seven of these apps to Google, but as of this publication, they are all still active.
What is fleeceware?
Fleeceware is a relatively new category of cybercrime that offers users an attractive service, usually for a short free trial period of a few days. After that, the application will automatically and subtly begin charging excessive costs, up to $30 per week. Fraudsters expect the user to forget about the installed application and its short trial, or fail to notice the real subscription cost. It’s common for reviews to have either a 1- or 5-star review, but nothing in between (typically, the apps have a low-star rating overall).
“Scams of this nature take advantage of those who don’t always read the fine print details of every app they download. In this case, young children are particularly at risk because they may think they are innocently downloading a Minecraft accessory, but not understand or may not pay attention to the details of the service to which they are subscribing,” noted Ondrej David, malware analysis team lead at Avast. “We urge our customers to remain vigilant when downloading any app from unknown developers and to always carefully research user reviews and billing agreements before subscribing.”
How to protect yourself against suspicious apps
If you’ve installed an app that you suspect may be fleeceware, it is not enough to uninstall the app; you must also cancel the subscription directly in the Play Store (Play Store → Menu in the upper left corner → Subscription).