The apps are available on the Apple App Store as Beetle VPN, Buckler VPN, and Hat VPN Pro, Avast said.
These three apps have been downloaded over 420K, 271K, and 96K times, respectively, between April 2019 and May 2020, according to data from Sensor Tower, a mobile apps marketing intelligence and insights company.
“Fleeceware apps fall into a gray area, because they are not malicious per se, they simply charge users absurd amounts of money for weekly, monthly or yearly subscriptions for features that should be offered at much lower costs,” Nikolaos Chrysaidos, Head of Mobile Threats & Security at Avast, said in a statement.
“In this case, the VPNs are being sold for $9.99 (USD) a week, when trustworthy VPNs cost ten times less,” Chrysaidos said.
The apps’ all have high ratings, ranging from 4.6 to 4.8, and include enthusiastic reviews, all similarly written, which Avast considers may potentially be fake.
In between the rave reviews, there are a few reviews warning of the scams. The apps’ privacy policies also have very similar language and structure.
Avast said its researchers installed the three apps and successfully purchased subscriptions to each app. However, when they tried to use the VPNs, the apps only provided subscription options again.
After attempting to purchase the subscriptions again, the researchers were notified they already have a subscription and thus were unable to establish a VPN connection using any of the apps.