More than 30 apps in the App Store of Apple, found to contain Fleeceware, malicious software used for financial scams.
The creators of malware exploited Apple’s ability to test applications for free. In case a user installed one of the infected applications but did not cancel the subscription, the malicious agents charged a large amount.
Applications that contained Fleeceware
According to Sophos, 30 apps on Apple’s official App Store contained Fleeceware and charged a subscription of between $ 30 per month and $ 9 per week after a trial period of 3 or 7 days.
If one of these applications remained on the device for more than a year, users could be charged from $ 360 to $ 468. These applications do not include separate features, only those that are usually offered in free or other paid applications.
Many of these apps were advertised for free on the App Store, and when users installed them, a “free trial” alert appeared. These notifications also required users to provide payment card details and in most cases, the applications could only be used after registration.
“Some users can sign up for an app without reading the notification, which includes the actual cost of the subscriptions,” says Sophos.
Apple’s app store doesn’t know how many users have installed the app, but many of them are on the list of top apps.
Earlier, Sophos also discovered applications with Fleeceware on the Google Play Store, which caused several financial scams against users. It was estimated that these applications had been downloaded more than 600 million times.
Some of these applications were discovered to be transferring texts typed by users to servers located in China .
These applications also received five-star ratings. It seems that their creators were somehow able to manipulate the reviews.
Here you can find the complete list of malicious applications with Fleeceware.