News

Scammers found a new way to make money on Google Play

Sophos researchers discovered fraudulent applications on Google Play that make money by siphoning hundreds of dollars from victims’ accounts. Attackers lure users with a free trial period, after which they charge the user, even if the user has already deleted the app.

Experts have counted at least 15 such applications in the official Android store: QR scanners, calculators, photo editors and other utilities. All of them are entirely legitimate from a legal point of view: they contain no hidden functionality and perform the declared functions. They cannot be classified as malware, so the researchers proposed the term fleeceware.

“Already at the first launch, such applications require the user of these cards. The notification informs of a certain free period – in most cases it is three days. However, the developers are silent about the fact that removing the application is not equivalent to refusing a paid subscription,” warn Sophos researchers.

The mechanics used by the scammers, experts say, do not technically violate Google Play policy. The catalog rules do not limit the cost of additional services and allow the developer to move the user to a paid subscription after a specified trial period.

Google Play’s policy states that “normally [the company] will not return funds to users.” Customers are entitled to request a refund within 48 hours after purchase. After that, such issues have to be addressed directly with the developer, who can return the money “if this does not contradict its rules and applicable laws.” In the case of fleeceware, this option is obviously unpromising.

Therefore, all that remains for the victims is to leave negative reviews on the application pages, among which complaints about the loss of significant sums can be seen. As the researchers note, given the number of downloads, this can provide scammers a solid profit even if only a small fraction of users fall for the deception.

The experts reported the issue to the Google Play administrators, who then removed the bulk of the fraudulent programs. Nevertheless, many similar applications remain in the store, among them utilities with 5-10 million downloads, and the cost of a subscription after the trial period ranges from 100 to 200 euros.

According to the experts, the only way out is to introduce a rule that prohibits developers from setting prohibitive prices for essentially free services that offer no unique features.

This episode continues a series of incidents on Google Play connected in some way with cybercriminal activity. Over the past month, two malicious apps were removed from the store: the previously unseen BRATA Android backdoor and the Necro.n Trojan downloader with 100 million downloads. Earlier this year, researchers found the Exodus spyware in the store, where it had been available to users for three years.

Recommendations:

Read user reviews before downloading apps!

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
