The applications attract users with a promise of a free 3-day trial, with an unusually high subscription fee attached. Once the trial is over, users are charged a recurring subscription fee – even if they deleted the app by that time – until they cancel the subscription in their device’s app subscriptions settings. One of the apps, for example, offers a short free trial followed by a $66 (4,795.61 INR) per week subscription, potentially costing the victim $3,432 (2,49,403.78 INR) per year unless cancelled.
Avast’s Threat Analyst Jakub Vávra, “The fleeceware applications we’ve discovered consist predominantly of musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and ‘slime simulators’. While the applications generally fulfil their intended purpose, it is unlikely that a user would knowingly want to pay such a significant recurring fee for these applications, especially when there are cheaper or even free alternatives on the market,”
Avast researchers discovered the Android fleeceware applications via its mobile threat intelligence platform apklab.io, and then expanded their research to the Apple App Store.