Malicious Fleeceware Apps Affect 3.5 Mn iPhone Users

Researchers from SophosLabs revealed that fleeceware app developers are operating on Apple’s App Store for iPhones and iPads. They claimed that more than 3.5 million iPhone users have been impacted by the malicious fleeceware apps on their devices. The researchers observed 30 such apps in Apple’s official App Store, which are intended to commit financial fraud.

What is Fleeceware?

“Fleeceware” is a term introduced by researchers at SophosLabs in September 2019. It has been named fleeceware due to its defining characteristic of overcharging users for functionality that is widely available in free or low-cost apps.

It is said that these app developers are taking advantage of Apple’s free trial period by charging users an excessive amount when they don’t cancel the subscription. Usually, these apps charge subscription fees of $30 per month or $9 per week after a 3 to 7-day trial period. It is also suspected that these apps bought fake five-star reviews to boost their ranking on the App Store and used pay-per-install services to inflate install counts and attract users.

According to the researchers, most of the fleeceware apps are image editors, horoscope/fortune telling/palm readers, QR code scanners, and face filter apps. “Many of these apps lack any extraordinary features that aren’t already present in many other apps, including truly free apps,” the researchers said in a blog post.

They also highlighted that some app developers intentionally didn’t cancel an app’s trial period when a user uninstalled the app. Excessive service continuation charges ($360 or $468 per year) were debited from the users’ saved cards for basic functionality in the apps. It is also believed that these malicious apps are gaining popularity by advertising on various social media platforms like Facebook, Instagram, TikTok, and others. Sophos also published a complete list of the malicious fleeceware apps.

Not the First Time

Earlier, Sophos discovered a set of 25 fleeceware apps on the Google Play Store with more than 600 million installs. Some of these apps have close to 100 million installs, which can rival even the legitimate apps on the Google Play Store.