Tuesday, November 26, 2024
HomeAdware204 Fleeceware Apps Generated over $400 million in Revenue on the Apple...

204 Fleeceware Apps Generated over $400 million in Revenue on the Apple App Store and Google Play Store

Published on

The cybersecurity researchers at Avast have recently found a total of 204 Fleeceware apps with a billion downloads and nearly $400 million in revenue from the Apple App Store and Google Play Store.

Technically if we say, then Fleeceware apps are not malware, as they don’t contain any malicious code to steal data and hack the device. 

Their main motive is to attract every user into a free trial so that they can “test” the app, and later, they secretly overcharge the user or the victim by their subscriptions that run as high as $3,432 per year.

- Advertisement - SIEM as a Service

In short, they trick their victims into installing a free “trial” and then charge large amounts for a “subscription.” Apparently, this method of generating income from apps continuously gaining high popularity among threat actors. 

According to the report presented by Avast, in total there are 134 applications were found in the Apple App Store with 500 million downloads, which brought a hefty revenue of more than $365 million to their developers.

While in the case of Google Play Store, there are 70 Fleeceware applications were discovered with more than 500 million downloads, which brought the developers $38.5 million in revenue.

How does Fleeceware work?

Fleeceware is one of the mobile apps, that has the most expensive subscription fees. There are several application that provides a free trial to draw the attention of the users, but in the case of Fleeceware is not same.

But, here, the main goal of Fleeceware is that it generally takes advantage of users who are not familiar with how subscriptions work especially on mobile devices.

It means that users can be imposed even after they have destroyed the offending application. However, the most important thing is that if the user deletes the application without cancelling the subscription within their device’s app market settings, they will continue charging you for the same.

So, the developers will generate income from their creations, and this is completely legal. But, it can be difficult for general users to figure out how to avoid these subscription fees.

Fake ads and Reviews

The most interesting fact is that this application is also available for official advertisement channels so that it can spread the Fleeceware scheme.

These developers of these applications are actively promoting these apps on major social networking platforms (Facebook, Instagram, Snapchat, and TikTok). 

Due to the scheme’s productive nature, most of the threat actors or malicious developers are is likely investing plentiful amounts of money to enhance the further development of these apps.

Avoiding Fleeceware Scams

The cybersecurity researchers have stated some key points to avoid Fleeceware scams, and here we have mentioned them below:-

  • Be careful with free trials of less than a week
  • Read the fine print
  • Be skeptical of viral advertisements
  • Shop around
  • Secure your payments
  • Discuss the dangers of Fleeceware with your family

How to cancel or end your subscription?

In the case of iOS, users need to follow the steps that are mentioned below:-

  • Initially open the settings.
  • Now you have to tap on your name.
  • Then you have to select the Subscription option.
  • After that, you have to select the desired subscription that you want.
  • Lastly, you have to select the cancel subscription option.
  • That’s it.

In the case of Android, users need to follow the steps that are mentioned below:-

  • First of all, you have to open the Google play store.
  • Now you have to check whether you are signed with the correct Google account or not.
  • Then you have to select the Three Lined menu from the upper right corner.
  • After that, you have to select the subscription that you desire.
  • Lastly, select the cancel subscription option to cancel.
  • That’s it.

Apart from this, both Google and Apple are not accountable for returns after a specific period of time. Moreover, both the companies may wish to refund as a goodwill gesture in several cases.

According to the reviews, it suggests that the Fleeceware devices either neglect the complaints or the claim users should have known about the subscription fees.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload...

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions...

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload...

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions...

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...