Fleeceware

What is Fleeceware?

Fleeceware is a type of mobile attack that can cost victims considerable money, even without any malicious code in the offending application. An app considered fleeceware typically serves a basic function, like a calculator or a custom keyboard, but charges an often exorbitant subscription fee for its use – think a $10 weekly fee or a $200 monthly fee. These fees may also be deceptively hidden under the guise of a free trial or even increased during the checkout process.

How to Recognize This Threat:

Because there is typically no malicious code involving data theft or device takeover, fleeceware apps often pass the test for app stores. In 2020, Sophos found dozens of apps across the Google Play store and Apple App Store that fit these criteria. Recognizing the threat means paying very close attention to any app under consideration for a download and doing due diligence to ensure that what it’s offering and the advertised cost make sense.

How to Prevent This Threat:

Avoid downloading apps from little-known developers unless their authenticity can be verified in multiple ways, and watch for prices on apps that are often free or near-free from other vendors. On top of that, especially avoid agreeing to any form of recurring payment unless it is clearly legitimate.

Check your active app subscriptions both through the app stores and through your credit card statements to ensure you’re only paying for apps to which you’ve intentionally subscribed, and cancel any that shouldn’t be there. Both major mobile app stores continue to take steps to prevent fleeceware apps from making it onto their listings, so take advantage of their initial vetting. And protect your mobile device with Sophos Mobile options for added defense against fleeceware and other mobile malware.