Sophos, a renowned cybersecurity company specializing in delivering cybersecurity as a service, has recently uncovered a disturbing trend in the mobile app world. According to their latest report titled “‘FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash,” Sophos X-Ops has identified several apps disguising themselves as legitimate ChatGPT-based chatbots in order to overcharge users and generate substantial profits. These fraudulent apps have infiltrated both the Google Play Store and the Apple App Store, tricking unsuspecting users into subscribing to expensive services that can cost hundreds of dollars annually, all while offering minimal functionality and bombarding users with incessant ads.
The rise of these deceptive applications, referred to by Sophos as “fleeceware,” is a testament to scammers’ perpetual quest to exploit the latest technology trends for personal financial gain. With the growing interest in artificial intelligence (AI) and chatbots, many users turn to trusted app stores to download applications that appear to offer ChatGPT-like features. Exploiting this demand, fleeceware apps use aggressive advertising to push users into subscribing, counting on them to overlook the exorbitant costs or to forget about their subscription altogether. These apps are deliberately designed to lose their appeal once the free trial period ends, prompting users to uninstall the app while they remain obligated to monthly or weekly payments.

Sean Gallagher, Principal Threat Researcher at Sophos, emphasized the significance of these fleeceware apps, stating, “These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription.” Gallagher further explained the deceptive nature of these applications, cautioning users to be vigilant and mindful of the fine print and subscription details.
Sophos X-Ops conducted an investigation into five of these ChatGPT fleeceware apps, all claiming to be powered by ChatGPT’s algorithm. One app named “Chat GBT” leveraged the ChatGPT name to enhance its visibility and ranking in the Google Play Store and Apple App Store. While OpenAI provides the basic functionalities of ChatGPT for free online, these fleeceware apps charged users anywhere from $10 per month to a staggering $70 per year. For instance, the iOS version of “Chat GBT,” known as Ask AI Assistant, imposed a subscription fee of $6 per week or $312 per year after a brief three-day free trial. In March alone, this app generated $10,000 in revenue for its developers. Another app, called Genie, enticed users to subscribe for $7 weekly or $70 annually and raked in a staggering $1 million in just one month.
The defining traits of fleeceware apps, originally discovered by Sophos in 2019, include overcharging users for services that are readily available for free elsewhere, employing coercive tactics to persuade users into subscribing, and offering limited functionality and excessive ads during the free trial period. These apps often suffer from poor implementation and subpar performance even after users upgrade to the paid versions. Furthermore, they manipulate their ratings on app stores through fake reviews and persistent requests for user ratings, even before the app has been utilized or the free trial ends.
Gallagher commented on the regulatory aspect, stating, “Fleeceware apps are specifically designed to stay on the edge of what’s allowed by Google and Apple in terms of service, and they don’t flout the security or privacy rules, so they are hardly ever rejected by these stores during review.” While both Google and Apple have implemented stricter guidelines to curb fleeceware since Sophos first reported on such apps in 2019, developers continue to find ways to circumvent these policies, such as severely limiting app functionality until users pay. Despite the removal of some ChatGPT fleeceware apps mentioned in the report, new ones continue to emerge, and it is expected that more will surface in the future. Educating users about the existence of these apps and urging them to read the fine print before subscribing is the best defense against fleeceware. Users can also report suspicious apps to Apple and Google if they suspect unethical practices being employed by developers to turn a profit.
Sophos has reported all the identified apps to Apple and Google. For users who have already downloaded these apps, it is crucial to follow the guidelines provided by the respective app stores on how to “unsubscribe.” Deleting the fleeceware app alone will not terminate the subscription, so users must take the necessary steps to avoid continued charges.
As the threat of fleeceware looms, it is essential for users to exercise caution when downloading and subscribing to apps. Diligently reading reviews, checking the details of the subscription, and being aware of potential scams are integral to safeguarding personal finances and protecting against deceptive practices in the app marketplace.