Google PlayThe infamous Joker Fleeceware threat is now back in Google Play along with other Android mobile Trojans

Fleeceware is a recently coined term that refers to a mobile application that comes with excessive subscription fees. Most applications include a short free trial to draw the user in. The application takes advantage of users who are not familiar with how subscriptions work on mobile devices, meaning that users can be charged even after they’ve deleted the offending application. Several Android mobile Trojans, including Joker (aka Jocker), are circulating in the wild that surreptitiously sign users up for paid services and take a cut for the scammers from the money that is billed. Many of these are getting around Google Play's official app store security measures.

About the Malware

Researchers from Kaspersky who’ve been monitoring these most up-to-date so-called “fleeceware” threats for the previous several months say the malware is usually able to bypass bot detection mechanisms on websites for paid providers, and might even subscribe unsuspecting cell machine customers to the scammers’ non-existent providers.

The malware is usually hidden inside in any other case benign cell functions corresponding to healthcare apps, picture editors, and fashionable video games on Google’s Play cell app retailer and different shops. The weaponized apps hold resurfacing virtually as shortly as they’re detected and eliminated, Kaspersky stated.

Lots of the functions ask for permission to enter the person’s notifications and messages. If these permissions are granted, the malware then intercepts and hijacks messages containing affirmation codes for his or her subscription, subsequently leaving the customers unaware they’d simply been subscribed to a paid service.

Researchers at Avast have discovered a total of 204 fleeceware applications with over a billion downloads and over US$400 million in revenue on the Apple App Store and Google Play Store. The purpose of these applications is to draw users into a free trial to “test” the app, after which they overcharge them through subscriptions which sometimes run as high as US$3,432 per year. These applications generally have no unique functionality and are merely conduits for fleeceware scams. Avast has reported the fleeceware applications to both Apple and Google for review.

The fleeceware applications discovered consist predominantly of musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and ‘slime simulators’. While the applications generally fulfill their intended purpose, it is unlikely that a user would knowingly want to pay such a significant recurring fee for these applications, especially when there are cheaper or even free alternatives on the market.

Both Google and Apple have implemented numerous measures over the years to prevent scammers from uploading malware to their respective mobile app stores. While the measures have helped limit malicious apps to a certain extent, security vendors have continued to find malware in these stores regularly. Just last month, for instance, Google scrambled to remove at least six applications masquerading as legitimate antivirus tools that were, in reality, being used to drop a banking Trojan called SharkBot. Check Point estimated the malware tools were downloaded more than 15,000 times before Google removed them from Google Play.