Over 10 Million Android Users Targeted With Premium SMS Scam Apps

Cyber Security

Products You May Like

A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge.

The premium SMS scam campaign — dubbed “UltimaSMS” — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, with most of the fraudulent apps downloaded by users in Egypt, Saudi Arabia, Pakistan, the U.A.E., Turkey, Oman, Qatar, Kuwait, the U.S., and Poland.

Automatic GitHub Backups

Although a significant chunk of the apps in question has since been removed from the Google Play Store, 82 apps continued to remain available in the online marketplace as of October 19, 2021.

Premium SMS Scam Apps

It all starts with the apps prompting users to enter their phone numbers and email addresses to gain access to the advertised features, only to subscribe the victims to premium SMS services that can charge north of $40 per month depending on the country and mobile carrier.

“Instead of unlocking the apps’ advertised features, which users might assume should happen, the apps will either display further SMS subscriptions options or stop working altogether,” Avast researcher Jakub Vávra said.

The UltimaSMS adware scam is also notable for the fact that it’s distributed via advertising channels on popular social media sites such as Facebook, Instagram, and TikTok, luring unsuspecting users with what the researchers say are “catchy video advertisements.”

Aside from uninstalling the aforementioned apps, users are recommended to disable the premium SMS option with the carriers to prevent subscription abuse. “Based on some of the user accounts that left negative reviews, it looks like children are among the victims, making this step especially important on children’s phones, as they may be more susceptible to this type of scam,” Vávra said.

Products You May Like

Articles You May Like

X Said to Be Developing Feature That Lets Users Disable Links in Post Replies
Amazon Prime Day 2024 Sale to Bring Discounts on OnePlus 12, MacBook Air M1, iPhone 13 and More
New Ray-Ban Meta Smart Glasses Outsell Previous Version, Says Essilux CEO
Critical Apache HugeGraph Vulnerability Under Attack – Patch ASAP
Vivo V40 Series With 5,500mAh Battery and IP68 Rating May Launch in India Soon: Report

Leave a Reply

Your email address will not be published. Required fields are marked *