Published 14:06 IST, October 1st 2019

Fleeceware apps detected on Google Play, stealing money, neutralized

New fleeceware threats have been discovered by Sophos Labs. These were reportedly overcharging users. Nature of these apps is simple. These are now neutralized.

Reported by: Tech Desk

A repository of Android apps has been discovered on Google’s Play Market whose sole purpose reportedly appears to be to severely overcharge users for mobile apps that provide very simple functionality available in low-cost or free apps. This finding coincides with National Cybersecurity Month, observed during October every year. It has given rise to a new form of cyber threat called fleeceware.

Fleeceware threats  

The new fleeceware has been discovered by Sophos Labs. Researchers state that app developers take advantage of a business model available within the Play Market ecosystem in which users can download and use these apps at no charge for a short trial period. After expiry of the trial period, if users download and install any of these apps, such apps charge the user. For normal apps, this amounts to only a fractional cost; but publishers or developers of fraudulent apps routinely charge users a premium amount (Rupees, Dollars, Euros, depending on the geographic region in which the user resides).


As far as these apps are concerned, Sophos researchers state that these do not appear to be malicious or contain malicious code; some of these apps may even have useful (if redundant) functionality. However, it’s hard to imagine that anyone who is charged hundreds of dollars for a simple barcode reader or photo filter would consider such an expense “potentially unwanted” – nobody desires this, obviously. Because these apps exist in a categorical grey area that is not overtly malware and thereby is not a potentially unwanted app (PUA), researchers state that they hence coined the term fleeceware, because their defining characteristic is that they hugely overcharge users for functionality that’s widely available in free or low-cost apps. Sophos is even said to have shared a list of fifteen apps exhibiting the above behaviour with Google. The internet giant also reportedly removed some of these apps from the Play Store. Researchers state that 14 of the 15 apps intimated to Google are now removed. Because the apps themselves are not found to be engaging in any kind of traditionally malicious activity, they have been found to defy the rules that would otherwise make it easy for Google to justify removing them from the Play Market. Their developers also seem to be very good at staying under the radar of security vendors. Even so, there are other characteristics of these apps that make them less-than-desirable, inform Sophos researchers.

The nature of these apps is simple. In most cases, there are free alternatives from well-known vendors already available on the Play Market. “The makers of an app called Professional GIF Maker charge users €214.99 when the trial ends. We haven’t seen apps sold at this price before. It’s a business model that walks a fine ethical line, but it is apparently successful,” state researchers at Sophos. “Some percent of users will fail to cancel the trial, even if they intend to do so, and the app makers earn their keep on the backs of users who forget to unsubscribe, or ask for a refund within the short window in which they can do so.” “From user reviews on the Play Market store, it’s clear that many users who installed these apps and were subsequently charged extortionate fees are understandably furious. Users indicated that they were charged different amounts based on their geographic region. Some people are asking Google to take these apps down, and some want to get a refund,” added researchers. (Main image credit: Pixabay).



13:10 IST, October 1st 2019