The antivirus company ESET announced that its specialists detected a new fraudulent scheme on Google Play: the Pingu Cleans Up application subscribed users to an expensive service using a legitimate payment method on Google Play.
Pingu Cleans Up first appeared on the app store on February 8, 2018. It has been downloaded 50,000 to 100,000 times.
After being installed on a tablet or smartphone, the application offered to create a game character. In the first two stages, the potential victim, choosing the desired attribute, had to click the 'Confirm' button in the pop-up window.
At the last stage, a user with a bank card linked to a Google Play account saw a window similar to the previous ones. The difference is that the 'Submit' button has been changed to 'Subscribe'. By clicking on the button, the user subscribed to the cost of 5.49 euros (about 400 rubles) per week. The payment was debited from the card automatically until the subscription was canceled.
Users who did not have bank card details in their account saw another window at the third stage. They were asked to add payment method information to complete the purchase.
The scam scheme is based on the assumption that some users will click on any window that interferes with the game without reading the text. Judging by the negative reviews on Google Play, the scam works.
Following an ESET warning, Pingu Cleans Up has been removed from Google Play. Victims do not need to manually deactivate the subscription – it is automatically canceled.