Security News > 2021 > October > Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills.

All of the offerings are "Essentially copies of the same fake app used to spread the premium SMS scam campaign," Vavra explained, which he said likely indicates that one bad actor or group is behind the entire campaign.

"The apps have been most downloaded by users in the Middle East, such as Egypt, Saudi Arabia, Pakistan, followed by users in the U.S. and Poland," Vavra explained.

"The sole purpose of the fake apps is to deceive users into signing up for premium SMS subscriptions," Vavra wrote.

Some of the apps actually describe this intention to users in fine print; however, not all of them extend this courtesy, "Meaning many people who submitted their phone numbers into the apps might not even realize the extra charges to their phone bill are connected to the apps," he explained.

To avoid being defrauded by the UltimaSMS scam, users should follow the same common-sense vigilance and protocols for downloading and purchasing new apps: Check reviews first; read the fine print; don't enter a phone number unless you trust the app; and only use official app stores.

News URL

https://threatpost.com/android-scammed-sms-fraud-tik-tok/175739/