Security News > 2021 > October > Millions of Android users targeted in subscription fraud campaign
A massive fraud campaign utilizing 151 Android apps with 10.5 million downloads was used to subscribe users to premium subscription services without their knowledge.
Researchers at Avast discovered the campaign, naming it 'UltimaSMS,' and reported 80 associated apps that they found on the Google Play Store.
While Google quickly removed the apps, the fraudsters likely ammassed millions of dollars in fraudulent subscription charges.
The threat actors conducted the UltimateSMS campaign through 151 Android apps that pretended to be discount apps, games, custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and more.
Having the phone number and the required permissions, the app then subscribes the victim to a $40 per month SMS service from which the scammers get a cut as an affiliate partner.
While uninstalling the app will prevent new subscriptions from being made, it will not prevent the existing subscription from being charged again.