Fleeceware Apps Posing As National Postal Sites | Avast

https://blog.avast.com/fleeceware-apps-posing-as-national-postal-sites-avast

To protect against fleeceware, be sure to check out the reviews and look at the fine print regarding an apps trial period. Pay specific attention to what the app will charge and if its instantly deducted at the end of that trial period.

How to protect yourself.
As always, be cautious of websites providing giveaways, specifically when they declare to be from official federal government companies like a postal service. The traditional guidance of “if it seems too excellent to be real, its probably a rip-off” uses.
Another warning is the method which the websites strongly try to have you publicize the site by sending it to your pals and socials media. Thats a common strategy for frauds and phishing websites.
To secure against fleeceware, make sure to check out the reviews and look at the great print relating to an apps trial duration. Pay particular attention to what the app will charge and if its immediately subtracted at the end of that trial duration. Fleeceware apps generally use a totally free 3- to seven-day trial, but can require users to enter their payment info before the trial starts, and automatically charge users after the trial ends..
You ought to go in and cancel that membership right away if you do trigger an app that charges you more than you anticipate.
Finally, using antivirus software on all computers and gadgets can help obstruct and secure against malware and spam..
We have reported the fleeceware app to Googles Android security group. We block these sites for our users and have provided Cloudflare– a site dependability, security, and efficiency business– with a list of the offending sites, which they have utilized to add a phishing warning for the websites, safeguarding non-Avast users from the fraud too.

The site recommends they advertise the website even more by sharing the link to the website on the social network they specified.After doing this, the website then directs them to the fleeceware app on the Google Play Store. The app is marketed in Russian and presents itself as a postal tracking service. Its significant that this app is provided in Russian, regardless of the language of the website directing them to the app.

Then the site inquires to take a short “survey” asking if they utilize the spoofed postal service, their age, their sex, and what social media they use the a lot of..

Similar to weve seen with other fleeceware apps, the app has numerous positive and likely fake reviews.

In March 2021, we composed about “fleeceware,” mobile apps that arent malware however can charge customers high charges, often unexpectedly. In March, we found a total of 204 fleeceware apps in both the Apple App Store and Google Play Store, with over a billion downloads and over $400 million in earnings, with some apps charging as much as $3,432 per year.
In action, one concern we got a lot was, “How do individuals wind up downloading these in the first location?”
Today, we can shed more light on the problem– and at least partially respond to that concern.
Avast researcher Jakub Vavra just recently discovered deceptive websites posturing as national postal service sites in Germany, Austria, the UK, Belarus, Czech Republic, Russia, and Slovakia, as well as retail stores from the Ukraine and Russia. All of these fake websites were designed to steer unwitting consumers towards an Android fleeceware app that charges $70 each week and has been downloaded more than 50,000 times.
Remarkably, however, we discovered these websites didnt just direct people to download this fleeceware app. These websites likewise obtained from tried-and-true “chain letter scam techniques to employ visitors in assisting to advertise the sites by sharing links with good friends and on social media.
The sites do this very first by encouraging the visitor to send links to the site to 20 of their good friends or to five group talks on social networks. Below is an example spoofing the Royal Mail in the UK.

The website advises they promote the site even more by sharing the link to the site on the social network they specified.After doing this, the site then directs them to the fleeceware app on the Google Play Store. The app is marketed in Russian and presents itself as a postal tracking service. Its notable that this app is provided in Russian, regardless of the language of the site directing them to the app.