Search This Blog

Powered by Blogger.

Blog Archive

Labels

UltimaSMS Premium Fraud Campaign Exploits Millions of Android Devices

Fraudsters used 151 Android apps to trick users from over 80 countries.

 

Avast researchers have unearthed a global SMS premium fraud campaign on the Google Play Store, dubbed UltimaSMS. Scammers used 151 Android apps with 10.5 million downloads from over 80 countries to trick users into signing up for premium services that can cost up to Rs.3,000 per month depending on their cell carrier and location. 

Scammers used a fake photo editor, spam call blockers, camera filter, games, and other apps and promoted them via Instagram and TikTok channels. Such phony apps were downloaded in large numbers by people in Pakistan, Saudi Arabia, Egypt, UAE, USA, Poland, and many countries in the Middle East. After discovering the fraud, Google has banned 150 malicious apps and also removed them from its PlayStore. 

Upon installing the malicious apps, scammers analyze the user’s location, International Mobile Equipment Identity (IMEI), and phone number to determine the language in which they must communicate with the user. When a user opens the app, a screen is displayed that requests user to enter their phone number, and in some cases, email address to secure access to the app’s advertised service or product. 

Avast researchers named the fraud campaign “UltimaSMS” because one of the first app researchers discovered in May 2021 was called Ultima Keyboard 3D pro. 

“Upon entering the requested details, the user is subscribed to premium SMS services that can charge upwards of $40 per month depending on the country and mobile carrier. Instead of unlocking the apps’ advertised features, which users might assume should happen, the apps will either display further SMS subscriptions options or stop working altogether.” reads the blog post published by Avast.” The sole purpose of the fake apps is to deceive users into signing up for premium SMS subscriptions.”

Tips to protect yourself from fraudulent SMS apps 

• Deactivate the premium SMS option from your carrier. Deactivating this option will nullify the UltimaSMS scam. 
• Make sure to read the reviews before downloading any such app. Reading reviews can help you find out the intent of the app. 
• Unless you trust the app, don't register your mobile number. 
• Read every notification that comes up while installing the app carefully and give any permission only after reading.
Share it:

Fraud Campaign

Malicious Android Apps

Mobile Security

Phony Apps

User Privacy