Delete these 23 dangerous apps from your smartphone now: here's which ones

Sophos researchers have uncovered 23 very dangerous apps that steal money from users. Here's what they are

They're back, but no one missed them. What are we talking about? We're talking about "fleeceware" apps, a particular type of application that can steal more than €200 from users with a single click. Sophos researchers have uncovered 23 apps that trick users into signing up for hefty monthly subscriptions without their knowledge.

This is nothing new: we've talked before about how dangerous these apps are, but it seemed Google had managed to limit their power by changing the terms of use in the Play Store. But as the saying goes, "every law has its loophole". According to IT researchers at Sophos, developers have discovered a flaw in the rules of Google's new store policy and have managed to publish 23 seemingly free apps that, after a certain amount of time, activate subscriptions costing up to $249, taken directly from the user's account. And the whole thing is legitimate: it is the user who authorizes the payment when installing the app, even without being aware of it.

What are "fleeceware" apps

They do not install any kind of virus, any malware, any spyware able to spy on the user: in the eyes of any antivirus, fleeceware apps are absolutely legitimate. But that doesn't mean they're not dangerous. The term "fleeceware", created by Sophos researchers to categorize this type of app, makes this clear.

The verb "to fleece" means "to strip", "to shear" or even "to skin". And that's exactly what fleeceware apps do: they "fleece" users out of their money by activating very expensive monthly subscriptions. And they do it without the knowledge of the user, whose bank account is charged directly.

How can such a thing happen? Because the developers are very good at hiding the fact that after a trial period the subscription starts automatically. The user installs the app and thinks it's free forever, but it's not. During the installation phase, the app warns the user about the automatic activation of the subscription once the trial period is over, but unfortunately very few people read the Terms of Use.

Fleeceware apps have evolved

To put an end to this scam, Google has changed the Terms of Use in recent months to make it clearer to the user when an app switches to a paid subscription after the trial period. As is often the case, however, developers have already found a way to revive fleeceware apps, using two new tactics called Blind Sub and Spam Sub.

In the first case, when a person opens one of these apps, they find a button on the home screen that says "Try for free." After pressing the button, the billing terms appear, but they don't make it very clear that after the free trial period, a paid subscription starts.

The second method, however, is even more devious. All you have to do is download an app and sign up for the service that appears to be free, and you'll see a bulk subscription activated to a number of related services that you don't even know exist. This way the scammers manage to maximize their profit, even if only for one month.

Which 23 apps to delete from your Android smartphone right away

Sophos has also published the list of the 23 fleeceware apps that are on the Google Play Store and have not yet been removed. Besides the names of the applications, Sophos has also published the price of the monthly or weekly subscription and the revenue the apps have earned with this ploy. Here is the complete list:

  • com.photoconverter.fileconverter.jpegconverter – $249.99/€224.99/year – $8k
  • com.recoverydeleted.recoveryphoto.photobackup – $249.99/€224.99/year – $60k
  • com.screenrecorder.gamerecorder.screenrecording – $249.99/€224.99/year – $10k
  • com.photogridmixer.instagrid – $229.99/€219.99/year – $5k
  • com.compressvideo.videoextractor – $229.99/€219.99/year – $10k
  • com.smartsearch.imagessearch – $229.99/€219.99/year – $30k
  • com.emmcs.wallpapper – $89.99/week – $20k
  • com.wallpaper.work.application – $89.99/week – $30k
  • com.gametris.wallpaper.application – $89.99/week – $30k
  • com.tell.shortvideo – $89.99/week – $10k
  • com.csxykk.fontmoji – $89.99/week – $40k
  • com.video.magician – $89.99/week – $30k
  • com.el2020xstar.xstar – $89.99/week – $10k
  • com.dev.palmistryastrology – $69.99/week – $5k
  • com.dev.furturescope – $69.99/week – $90k
  • com.fortunemirror – $69.99/week – $20k
  • com.itools.prankcallfreelite – $44.99/year – $5k
  • com.isocial.fakechat – $45.99/year – $5k
  • com.old.me – $94.99/year – $5k
  • com.myreplica.celebritylikeme.pr – $12.99/€10.99/week – $5k
  • com.nineteen.pokeradar – Pay per install
  • com.pokemongo.ivgocalculator – Buggy app
  • com.hy.gscanner – $79.99/year – $5k
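
One way to check a device against the list above, as an added example that is not from the original article or from Sophos: it parses the list entries, annualizes each listed USD price, and matches the package names against the output of `adb shell pm list packages`. The function names, the 52-weeks-per-year conversion and the sample device output are assumptions made for this example.

```python
import re

# The 23 list entries from the article, with periods given in English.
FLAGGED = """\
com.photoconverter.fileconverter.jpegconverter – $249.99/€224.99/year – $8k
com.recoverydeleted.recoveryphoto.photobackup – $249.99/€224.99/year – $60k
com.screenrecorder.gamerecorder.screenrecording – $249.99/€224.99/year – $10k
com.photogridmixer.instagrid – $229.99/€219.99/year – $5k
com.compressvideo.videoextractor – $229.99/€219.99/year – $10k
com.smartsearch.imagessearch – $229.99/€219.99/year – $30k
com.emmcs.wallpapper – $89.99/week – $20k
com.wallpaper.work.application – $89.99/week – $30k
com.gametris.wallpaper.application – $89.99/week – $30k
com.tell.shortvideo – $89.99/week – $10k
com.csxykk.fontmoji – $89.99/week – $40k
com.video.magician – $89.99/week – $30k
com.el2020xstar.xstar – $89.99/week – $10k
com.dev.palmistryastrology – $69.99/week – $5k
com.dev.furturescope – $69.99/week – $90k
com.fortunemirror – $69.99/week – $20k
com.itools.prankcallfreelite – $44.99/year – $5k
com.isocial.fakechat – $45.99/year – $5k
com.old.me – $94.99/year – $5k
com.myreplica.celebritylikeme.pr – $12.99/€10.99/week – $5k
com.nineteen.pokeradar – Pay per install
com.pokemongo.ivgocalculator – Buggy app
com.hy.gscanner – $79.99/year – $5k
"""
PER_YEAR = {"week": 52, "year": 1}  # assumption: 52 billing weeks per year
PRICE = re.compile(r"\$([\d.]+)(?:/€[\d.]+)?/(week|year)")

def parse_flagged(text):
    """Map package -> annualized USD price (None if the entry lists no price)."""
    table = {}
    for line in text.splitlines():
        m = PRICE.search(line)  # the trailing revenue figure has no "/period", so it never matches
        table[line.split()[0]] = round(float(m[1]) * PER_YEAR[m[2]], 2) if m else None
    return table

def audit(pm_output, table):
    """Flagged packages present in `adb shell pm list packages` output."""
    lines = [l.strip() for l in pm_output.splitlines()]
    installed = {l[len("package:"):] for l in lines if l.startswith("package:")}
    return {p: table[p] for p in sorted(table.keys() & installed)}

# Constructed sample of `pm list packages` output, not taken from a real device.
SAMPLE = "package:com.android.chrome\npackage:com.csxykk.fontmoji\npackage:com.old.me\n"
if __name__ == "__main__":
    for pkg, cost in audit(SAMPLE, parse_flagged(FLAGGED)).items():
        print(pkg, "no price listed" if cost is None else f"${cost:,.2f}/year")
```

Annualizing shows that the $89.99 weekly plans cost far more over a year than the $249.99 yearly ones, so a match on a weekly-billed package is the most urgent to cancel in the Play Store subscription settings before uninstalling.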

How to protect yourself from fleeceware apps

There is no tool or application that can protect you from this type of scam. The only thing to do is report the presence of this type of app to the Google Play Store and the App Store when you come across one, so that it is removed immediately.