Despite Google’s attempts to eliminate malicious apps from its Android platform and the Google Play Store, some apps slip through. Unfortunately, those attempts have not been successful at all. One of the apps that slipped past Google’s security team is Fleeceware.


What Is Fleeceware?


In a nutshell, Fleeceware is an application that’s quite malicious. It tricks users into paying high amounts of money for simple apps. While that sounds par for the course, the malicious element here is that the functionalities paid for in the “simple” apps are often freely available through other means.

A Sophos report has since uncovered that it’s been installed almost 600 million times on over 100 million different devices.


What Are Fleeceware Attacks?


The success of Fleeceware on the Google Play Store (instead of the Apple App Store) lies in how sneaky these apps are. They take advantage of a business model that’s widely used in the ecosystem: users can download an app for a short trial period, during which it is free. When the trial expires, however, the developer charges users anyway unless they have explicitly said they do not want the app.

This model is similar to how businesses offer free trials: the burden is on the consumer to cancel the subscription if they do not want the service.

Users who get “fleeced” end up dealing with a number of annoyances. Aside from being charged pricey rates for minimal rewards, they likely won’t get a refund if they seek one. That’s because the policies of Google Play Store are not really consumer-friendly.




Fleeceware Apps With the Joker Malware


Color Message, an Android application, was rather popular for quite some time. Unfortunately, it was discovered to house the malware known as “Joker.” A persistent threat since 2017, Joker has been found in many common applications that give off a vibe of being legitimate, including messengers, games, wallpapers, photo editors and translators. A lot of them were deliberately created for and aimed at children in particular.

Once installed, Joker apps leave victims subscribed to paid premium services that are largely unwanted and are controlled by attackers; researchers categorise this as billing fraud-fleeceware.

Victims usually don’t realise they have been charged exorbitantly until the phone bill comes through. At that point, it becomes nearly impossible to dispute the charges or fight them off.

At its very worst, Fleeceware takes device information, exfiltrates contact lists and hides icons from the user’s home screen. In the aforementioned Color Message attack, for example, the application appeared to have connections to servers in Russia.

Needless to say, if you own an Android device and have the Color Message app, you should delete it immediately and cancel your subscription.


One of the downsides of modern technology’s evolution is the likes of malware. Google’s Play Store, despite trying its best, still gets dangerous apps slipping through the cracks. Fleeceware attacks in particular are dangerous and unnecessarily expensive, “fleecing” victims through exorbitant charges after trial periods end.

Do you need cyber security assistance? Reach out to FraudWatch today! We’re a leading digital brand protection company that’s been protecting client brands globally since 2003.