Over 10 Million Android Users Targeted With Premium SMS Scam Apps


A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge.

The premium SMS scam campaign — dubbed “UltimaSMS” — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, with most of the fraudulent apps downloaded by users in Egypt, Saudi Arabia, Pakistan, the U.A.E., Turkey, Oman, Qatar, Kuwait, the U.S., and Poland.

Automatic GitHub Backups

Although a significant chunk of the apps in question has since been removed from the Google Play Store, 82 apps continued to remain available in the online marketplace as of October 19, 2021.

Premium SMS Scam Apps

It all starts with the apps prompting users to enter their phone numbers and email addresses to gain access to the advertised features, only to subscribe the victims to premium SMS services that can charge north of $40 per month depending on the country and mobile carrier.

“Instead of unlocking the apps’ advertised features, which users might assume should happen, the apps will either display further SMS subscriptions options or stop working altogether,” Avast researcher Jakub Vávra said.

The UltimaSMS adware scam is also notable for the fact that it’s distributed via advertising channels on popular social media sites such as Facebook, Instagram, and TikTok, luring unsuspecting users with what the researchers say are “catchy video advertisements.”

Aside from uninstalling the aforementioned apps, users are recommended to disable the premium SMS option with the carriers to prevent subscription abuse. “Based on some of the user accounts that left negative reviews, it looks like children are among the victims, making this step especially important on children’s phones, as they may be more susceptible to this type of scam,” Vávra said.

Products You May Like

Articles You May Like

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices
ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024
Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Chinese Cyber Espionage Group Exploits Fortinet, Ivanti and VMware Zero-Days
Arid Viper Hackers Spy in Egypt and Palestine Using Android Spyware

Leave a Reply

Your email address will not be published. Required fields are marked *