Thursday, March 28, 2024

204 Fleeceware Apps Generated over $400 million in Revenue on the Apple App Store and Google Play Store

The cybersecurity researchers at Avast have recently found a total of 204 Fleeceware apps with a billion downloads and nearly $400 million in revenue from the Apple App Store and Google Play Store.

Technically if we say, then Fleeceware apps are not malware, as they don’t contain any malicious code to steal data and hack the device. 

Their main motive is to attract every user into a free trial so that they can “test” the app, and later, they secretly overcharge the user or the victim by their subscriptions that run as high as $3,432 per year.

In short, they trick their victims into installing a free “trial” and then charge large amounts for a “subscription.” Apparently, this method of generating income from apps continuously gaining high popularity among threat actors. 

According to the report presented by Avast, in total there are 134 applications were found in the Apple App Store with 500 million downloads, which brought a hefty revenue of more than $365 million to their developers.

While in the case of Google Play Store, there are 70 Fleeceware applications were discovered with more than 500 million downloads, which brought the developers $38.5 million in revenue.

How does Fleeceware work?

Fleeceware is one of the mobile apps, that has the most expensive subscription fees. There are several application that provides a free trial to draw the attention of the users, but in the case of Fleeceware is not same.

But, here, the main goal of Fleeceware is that it generally takes advantage of users who are not familiar with how subscriptions work especially on mobile devices.

It means that users can be imposed even after they have destroyed the offending application. However, the most important thing is that if the user deletes the application without cancelling the subscription within their device’s app market settings, they will continue charging you for the same.

So, the developers will generate income from their creations, and this is completely legal. But, it can be difficult for general users to figure out how to avoid these subscription fees.

Fake ads and Reviews

The most interesting fact is that this application is also available for official advertisement channels so that it can spread the Fleeceware scheme.

These developers of these applications are actively promoting these apps on major social networking platforms (Facebook, Instagram, Snapchat, and TikTok). 

Due to the scheme’s productive nature, most of the threat actors or malicious developers are is likely investing plentiful amounts of money to enhance the further development of these apps.

Avoiding Fleeceware Scams

The cybersecurity researchers have stated some key points to avoid Fleeceware scams, and here we have mentioned them below:-

  • Be careful with free trials of less than a week
  • Read the fine print
  • Be skeptical of viral advertisements
  • Shop around
  • Secure your payments
  • Discuss the dangers of Fleeceware with your family

How to cancel or end your subscription?

In the case of iOS, users need to follow the steps that are mentioned below:-

  • Initially open the settings.
  • Now you have to tap on your name.
  • Then you have to select the Subscription option.
  • After that, you have to select the desired subscription that you want.
  • Lastly, you have to select the cancel subscription option.
  • That’s it.

In the case of Android, users need to follow the steps that are mentioned below:-

  • First of all, you have to open the Google play store.
  • Now you have to check whether you are signed with the correct Google account or not.
  • Then you have to select the Three Lined menu from the upper right corner.
  • After that, you have to select the subscription that you desire.
  • Lastly, select the cancel subscription option to cancel.
  • That’s it.

Apart from this, both Google and Apple are not accountable for returns after a specific period of time. Moreover, both the companies may wish to refund as a goodwill gesture in several cases.

According to the reviews, it suggests that the Fleeceware devices either neglect the complaints or the claim users should have known about the subscription fees.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles