• Contact Us
  • Login
Upgrade
Tech News Hero
Advertisement
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
Tech News Hero
No Result
View All Result
Home Security

What Is Fleeceware, and How Can You Protect Yourself?

by technewshero
May 2, 2020
in Security
0
Share on FacebookShare on Twitter

It’s always safer to download mobile apps from official stores like Google Play and Apple’s iOS App Store, but even then there’s still some risk that malicious apps have snuck in. You’ve already heard of spyware, adware, and malware writ large, but now there’s another flavor of sketchy app to worry about: fleeceware.

Fleeceware is tricky, because there’s typically nothing malicious in the code of the offending apps. They don’t steal your data or try to take over your device, meaning there’s nothing malware-like for Google and Apple’s vetting process to catch. Instead, these scams hinge on apps that work as advertised but come with hidden, excessive subscription fees. A flashlight app that costs $9 per week or a basic photo filters app that’s $30 per month would both be fleeceware, because you can get the same types of tools for free, or much cheaper, from other apps.

Sophos, the security firm that coined the term fleeceware, found 25 such apps on Google Play in January that had a combined total of more than 600 million downloads. At the beginning of April, the researchers highlighted 30 apps in the iOS App Store that they say fall under the category.

“In our capitalistic society, you can look at fleeceware apps and say if somebody wants to waste $500 per year on a flashlight app that’s up to them,” says Sophos senior security adviser John Shier. “But it’s just the exorbitant price that you’re being charged, and it’s not done aboveboard. That, to me, is not ethical.”

Fleeceware schemes often crop up in the same genres of apps that are used for other mobile scams and attacks. These are generally benign-looking tools like simple photo and video filters and editors, horoscope apps or fortune-telling tools, QR code and barcode scanners, or utilities like flashlights and custom keyboards. The Sophos researchers also suspect that fleeceware developers use zombie accounts to post five-star reviews or inflate their download numbers in Google Play to make their offerings look more legitimate.

Though fleeceware apps don’t grab your data or run ad fraud from your device, they often flout the standards that Apple and Google set for when and how developers can present in-app purchases and subscription fees. Some claim to offer a trial period but will prompt you to pay the first time you open the app. Others say that a subscription will be one amount in most of their app materials, but then actually charge a higher fee at checkout. And the apps also take advantage of users who don’t know how to cancel a subscription to keep charging them long after they’ve deleted the app.

“Fleeceware has been a thing for a while now using different techniques,” says Thomas Reed, an Apple security researcher at the system-monitoring firm Malwarebytes. “The App Store supports trial periods where you sign up for a subscription, and it’s free for a while, but then charges you if you don’t cancel before the end of the free period. It postpones the credit card charges in hopes the user won’t know what they are later.”

Reed points out that some iOS fleeceware apps a couple of years ago tricked users into confirming something that looked minor using Apple’s TouchID but actually approved a payment behind the scenes. Apple has since banned this type of bait and switch.

This image may contain Electronics, Computer, and Pc

The WIRED Guide to Data Breaches

Everything you ever wanted to know about Equifax, Mariott, and the problem with social security numbers.

In spite of Apple’s and Google’s rules around in-app purchases, fleeceware developers can still lure people into making purchases through their Apple and Google accounts, or even just collect their credit card information directly without oversight. Sophos researchers say that many of the fleeceware apps they saw last fall charged an annual subscription, but that scammers are increasingly moving to monthly or weekly payments. That’s likely an attempt to reduce sticker shock, enable fraudsters to charge more over time, and try to make the payments blend in with the other streaming services and legitimate app subscriptions people already have.

Previous Post

Mrs. Serial Killer Review: Jacqueline Fernandez Competes With Herself for the Title of Netflix’s Worst Movie

Next Post

This Smart Pen Writing System Has 1,024 Pressure Levels

technewshero

technewshero

Related Posts

2020 Shows the Danger of a Decapitated Cyber Regime
Security

2020 Shows the Danger of a Decapitated Cyber Regime

by technewshero
January 13, 2021
A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting
Security

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

by technewshero
January 14, 2021
The Worst Hacks of 2020, a Surreal Pandemic Year
Security

The Worst Hacks of 2020, a Surreal Pandemic Year

by technewshero
January 15, 2021
Security

How Your Digital Trails Wind Up in the Police’s Hands

by technewshero
December 31, 2020
How to Understand the Russia Hack Fallout
Security

How to Understand the Russia Hack Fallout

by technewshero
December 22, 2020
Next Post
This Smart Pen Writing System Has 1,024 Pressure Levels

This Smart Pen Writing System Has 1,024 Pressure Levels

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Most Popular

Prime Day storage deals still available on microSD cards, SSDs, hard drives and flash drives

Prime Day storage deals still available on microSD cards, SSDs, hard drives and flash drives

January 15, 2021
Atlanta-based gaming controller peripheral seller KontrolFreek has been bought by SteelSeries – TechNewHero

Atlanta-based gaming controller peripheral seller KontrolFreek has been bought by SteelSeries – TechNewHero

December 21, 2020

Someone is wrong on the Internet – TechNewHero

July 7, 2019

Browse by Category

  • Apps
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • News
  • PC & Laptops
  • Security
  • Social
Tech News Hero

© 2020 Tech News Hero.

No Result
View All Result
  • Home
  • Landing Page
  • Buy JNews
  • Support Forum
  • Contact Us

© 2020 Tech News Hero.

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?