More than 30 fleeceware apps are available at the App Store and these appear to have been installed 3.6 million times on unsuspecting Apple device users, according to the latest SophosLabs report titled “Don’t Let Fleeceware Sneak into Your iPhone.”

Sophos, a next-generation cybersecurity solutions company, said the fleeceware apps include image editors, fortune-telling, barcode scanner, and face filter apps among others, that charge weekly subscriptions of $9.99 or around $520 a year. The first looked into the fleeceware in September 2019 and immediately affected Android phone users.

The security researchers quickly published the paper titled “Fleeceware Apps Persist on the Play Store,” detailing the discovery of another 20 such applications, with nearly 600 million alleged installations between them, as reported by Google Play.

Have you read “Sophos sees spike in COVID-19, coronavirus email, phishing scams“?

“The main purpose of the iOS fleeceware apps we found seems to be severely overcharging users,” said Jagadeesh Chandraiah, senior security researcher at SophosLabs and the report author. “As was the case with the Android apps discovered in 2019, the app developers take advantage of monetization practices widely used by legitimate free apps but take them one step further. For example, in the hands of the fleeceware app developers, short free trials followed by a monthly subscription soon add up to hundreds of dollars a year in charges, and in-app purchases turn out to be essential for good app functionality rather than optional enhancements or extras.

Not malicious

Sophos said fleeceware apps are “not officially malicious” but it deceives consumers into installing the app “through aggressive online advertising and what are likely to be fake five-star reviews.”

Sophos’ advises smartphone and other mobile devices users to be more discerning in what they install.

• Only install apps from official and trusted app stores like the Apple App Store and Google Play — malicious or unscrupulous apps are regularly reported to them by security researchers and others
• Despite that, always remain vigilant when installing apps, only install those you are familiar with, and carefully scrutinize those that are new or which you have heard about through in-app advertising
• Know how to cancel subscriptions – just deleting the app from your phone is not enough. The best online directions are on Apple’s support page and Google’s Play Store support page
• Have an effective security solution in place that will alert you to dubious applications before they can do any harm. For example, Sophos Intercept X for Mobile is available for free on the Apple App Store and Google Play.