Security researchers from Sophos discovered a set of so-called fleeceware apps that have been installed by more than 600 million Android users.
“The total number of installations of these apps, as reported on Google’s own Play pages, is high: nearly 600 million in total, across fewer than 25 apps; A few of the apps on the store appear to have been installed on 100 million+ devices, which would rival some of the top, legitimate app publishers on Google Play.” reads the analysis published by Sophos.
“We have good reason to believe that the install count may have, in some cases,
Experts warn of the business model behind the Fleeceware apps that can pose significant risks to the Android users,
In September Sophos published a first report that was warning of this phenomenon, the company discovered a first set of 24 Android apps that were charging huge fees (between $100 and $240 per year) for several generic apps (i.e. QR/barcode readers).
Now Sophos discovered a new set of Android “
The fleeceware apps have a high install count, some of them have tens millions of installs, a circumstance that suggests that threat actors behind these apps may have used third-party pay-per-install services to increase the number of installed apps
“Some of these apps are very unprofessional looking. Based on past experience, it may have been the case that these app developers could have used a paid service to bloat their install counts and forge a large number of four- and five-star reviews.” continues the report. “You can identify some of these falsified user review clusters if you scrutinize the recent 5 star reviews; one-to-three word, five star reviews have a propensity to be “sockpuppet” reviews.”
Sophos has published a list of the apps classified as fleeceware.
(SecurityAffairs – fleeceware apps, fraud)