Fleeceware comes to iPhones, and Apple lets it in – Gadget




Cybersecurity firm Sophos has released a report, Don’t Let Fleeceware Sneak Into Your iPhone, which shows how Apple device users are being attacked by apps that overcharge users through expensive subscriptions or unscrupulous in-app purchases.

Sophos calls this type of application “fleeceware”, and its researchers have found more than 30 fleeceware iOS applications available on the Apple App Store. Between them, they appear to have been installed about 3.6 million times, according to publicly available data.

The fleeceware apps include image editors, horoscope / divination / palm reader, QR code / barcode scanner and face filter applications, with some charging weekly subscriptions of $9.99 (or $520 a year).

Sophos first alerted mobile device users to fleeceware in September 2019, when it found a number of apps available for Android phones. In January 2020, researchers published another article, Fleeceware Apps Persist on the Play Store, detailing the discovery of 20 other apps of this type, with nearly 600 million alleged installations between them, as reported by Google Play.

“The primary goal of the iOS fleeceware apps we found appears to be to overload users,” says Jagadeesh Chandraiah, senior security researcher at SophosLabs and author of the report. As was the case with Android apps discovered in 2019, app developers take advantage of the monetization practices widely used by legitimate free apps, but take them one step further.

“For example, in the hands of the fleeceware app developers, short free trials followed by a monthly subscription soon add up to hundreds of dollars a year in charges, and in-app purchases turn out to be essential for good functionality of the application rather than optional enhancements or extras.

“Fleeceware apps are not officially malicious but are unethical and take advantage of consumer confidence with devious techniques designed to make money. They seem to encourage unsuspecting users to install them through aggressive online advertising and what are probably false five-star reviews.”

Sophos provides the following tips for mobile phone users:

  • Only install apps from trusted and official app stores like the Apple App Store and Google Play – security researchers and others regularly report rogue or malicious apps.
  • Despite that, always be vigilant when installing apps: install only the ones that you are familiar with, and carefully scrutinize the ones that are new or that you have heard about through in-app advertising.
  • Know how to unsubscribe: simply removing the app from your phone is not enough. The best online instructions are on the Apple support page and on the Google Play Store support page.
  • Have an effective security solution that will alert you to dubious apps before they can cause harm. For example, Sophos Intercept X for mobile devices is available for free on the Apple App Store and Google Play.

For additional information, see the SophosLabs article.
