Scam ALERT! 10 million users targeted by 151 fraudulent Android apps
Consumers were duped and charged for premium subscription packages without their knowledge or consent via 151 fraudulent Android applications having 10.5 million downloads.
The “UltimaSMS” premium SMS scam is believed to have started in May 2021 and engaged a wide range of apps, such as keyboards, QR code scanners, video and image editors, spam call blockers, camera filters, and games. A significant proportion of the illegitimate apps were installed by users in Pakistan, Saudi Arabia, Egypt, the UAE, the US, Poland and various Middle-eastern regions.
The scam begins with the apps requesting users’ phone numbers and email addresses in order to gain accessibility to the applications’ features. However, users were made to spend for premium SMS services, costing over $40 (around Rs 3,000) monthly, based on the location and the mobile carrier.
While a significant majority of these apps concern had been removed from the Google Play Store, 82 applications were still active as of October 19, 2021.
According to the researchers, the UltimaSMS adware deception is particularly distinct. It is disseminated via marketing networks on widely used social media sites such as Facebook, Instagram, and TikTok. They attract unsuspecting victims with “catchy video commercials”.
To avoid subscription fraud, users are recommended to cancel the premium SMS service with the operators as well as uninstall the related applications.
Experts explained that rather than unlocking the applications’ stated functions; they display additional SMS subscription options or quit working completely.
“Based on some of some of the user accounts that left negative reviews, it looks like children are among the victims, making this step especially important on children’s phones, as they may be more susceptible to this type of scam,” an analyst called Jakub Vávra with cybersecurity firm Avast revealed.