
Chain Message Scam Mimics European Postal Services and Spreads Fleeceware

Avast has discovered a fraud campaign that attempts to trick people into downloading and paying for a fleeceware app that costs $70 a week


Prague, Czech Republic, November 3, 2021 - Avast (LSE:AVST), a global leader in digital security and privacy, has discovered fraudulent sites masquerading as national postal services from Austria, Belarus, Czech Republic, Germany, Russia, Slovakia, and the UK, as well as retail shops from Ukraine and Russia. The sites claim to offer people a cash prize of up to €10,000 if they answer a short survey and share the site link with 20 friends or five chat groups on popular messaging apps or on Facebook. As a final step, they encourage victims to download a fleeceware app charging $70 a week.

The fleeceware app, which Avast has reported to Google’s security team, has been downloaded more than 50,000 times. Avast users are protected from the scam, and the company has also notified Cloudflare of the list of websites that were using their performance and security services. Cloudflare did not host these websites, but was able to place a phishing warning in front of them. As a result, non-Avast users are also protected at this time.

What does the scam look like?

The localized sites are being spread via social networks such as Facebook, and chat apps like WhatsApp, Viber, and Telegram, luring people in with the possibility of winning a large cash prize if they send the link to their contacts. Users are told they can instantly win the prize by responding to a short survey which asks them if they use the imitated postal service, their age, their sex, and which social media they use the most, before recommending they share the chain message in order to claim the prize. 

The real prize: a fleeceware app

After the user sends out the links to their contacts, they are redirected to a fleeceware app on the Google Play Store. The app, which is advertised in Russian, poses as a postal tracking service. After downloading it, the victim is offered a paid version of the app, which costs $70 per week; this offer is written in English. The app’s only purpose is to deduct money from the victims' bank accounts.

“This type of fraud is all the more dangerous because it uses the social ties of its victims to spread. People don’t expect to receive scams from friends or family, and therefore might be more likely to fall for the scam, especially considering the sites look like they come from trusted services,” said Jakub Vávra, threat analyst at Avast. “This may be further enhanced by the localization of all the websites. What is surprising is that the fleeceware app is not localized and appears generic in comparison to the websites. Of note is that it does have overly positive and likely fake reviews in English on its profile. It is possible the scammers were planning on replacing the final payload with another app or something more malicious,” continued Vávra.

How users can recognize scams

Vávra warns users that if an offer seems too good to be true, it is most likely a scam, as in this case where unlikely organizations such as national postal services are offering large sums of cash to people if they simply answer four short questions, and share a link with friends. Furthermore, scams need to spread in order to thrive. Therefore, users should be wary of any type of messaging attempting to encourage them to forward messages to friends and family. In order to check if an offer is a scam or not, Vávra says users should go to the source by contacting the organization via their social media networks and support portals advertised on their website. Finally, he recommends having antivirus software installed on all devices, which can detect and block phishing sites, protecting people from the threat before any potential harm can be done. 

How users can recognize fleeceware apps

Fleeceware apps appear in various forms and can imitate any category of application, but are commonly apps with simple features that are normally offered for a low price or for free. Vávra points out that reviews for fleeceware apps tend to be fake, while those which are genuine are from users revealing the fraudulent and often broken nature of the app, or its intent to charge people large sums of money surreptitiously. Fleeceware apps usually offer a free three- to seven-day trial, but can require users to enter their payment information before the trial begins, and automatically charge them once the trial ends. Users should carefully read what happens after an app’s trial period ends and how much an app will charge after a free trial period, checking if the charge will be automatically deducted from their card on an ongoing basis unless they cancel the subscription.

 

Screenshots from a fleeceware app. Above the "Continue" button, fine print describes the subscription model 

 

Screenshot showing fake reviews left on the fleeceware app’s profile on the Google Play Store

-ENDS-

For more information on this announcement visit:
https://blog.avast.com/introducing-avast-one-avast

http://press.avast.com/en-gb/avast-introduces-avast-one