Avast has discovered a fleeceware in the Google Play store, that fans of the popular video game Minecraft downloaded 5,000,000 times. They offer new skins, colourful wallpapers or mods for the game, but the subscription price is hundreds of dollars a month.
Researchers notified Google about seven fleeceware applications, but at the time of publication of the report, all of them were still active (you can see the list below).Let me remind you that fleeceware applications exploit legal loopholes associated with the trial period mechanism. So, if after the end of the free period the user simply deletes such an application without cancelling the subscription, the money for using it will continue to be debited from the account.
For example, Android apps discovered last year were installed more than 600,000,000 times, ignored deletion and the end of the trial period, and continued to charge users a lot of money (from $100 to $240 per year) for basic tools such as QR code scanners and calculators. Gaming is a popular arena for fleeceware as add-on skins, wallpapers, virtual items, and mods may be highly sought by dedicated users. Some games — such as Fortnite — offer digital bolt-ons through in-game currency and features, and third-party developers may also try to capitalize on a game’s popularity to make an extra dollar or two.
Researchers have now discovered new “gaming” apps that follow the same pattern, but offer a three-day free trial. The app then automatically charges an additional fee of up to $ 30 per week without alerting the user.
Scammers hope that the user will forget about the installed application and its short trial version, or will not notice the real cost of the subscription. There are no average ratings in the reviews for such an app – mostly it is worth either 1 star or 5 – and its overall rating is very low.
The report notes that simply removing the fleeceware application is not enough. You also need to unsubscribe directly from the app store (Google Play → menu in the upper left corner → Subscriptions).
Specialists have detected the following malicious fleeceware applications in GooglePlay:
Let me remind you about Syrk ransomware that attacks cheaters in the Fortnite game.