Avast, a global leader in digital security and privacy products, has identified a wave of malicious mobile applications in the Google Play Store targeting gamers, particularly fans of the popular Minecraft video game.
These so-called “fleeceware” applications offer new skins, colorful wallpapers, or modifications for the game, but disproportionately charge users hundreds of dollars per month. Avast has reported seven of these apps to Google, but as of this publication they are all still active.
Fleeceware, a relatively new category of cybercrime, offers users an attractive service, usually for a short free trial period of three days. After that, the application will automatically and subtly begin charging excessive costs, up to USD $30 (AUD $40/NZD $44) per week.
Fraudsters expect the user to forget about the installed application and its short trial, or fail to notice the real subscription cost. The reviews will have many 1 or 5 star reviews but nothing in the middle, with a low star rating overall.
“Scams of this nature take advantage of those who don’t always read the fine print details of every app they download. In this case, young children are particularly at risk because they may think they are innocently downloading a Minecraft accessory, but not understand or may not pay attention to the details of the service to which they are subscribing,” noted Ondrej David, malware analysis team lead at Avast.
“We urge our customers to remain vigilant when downloading any app from unknown developers and to always carefully research user reviews and billing agreements before subscribing.”
If you have installed an app that you suspect may be fleeceware, it is not enough to uninstall the app; you must also cancel the subscription directly in the Play Store (Play Store → Menu in the upper left corner → Subscription).
Examples of these apps, and how much they cost the average consumer, are below. For more information, see Avast’s website.