Security News > 2021 > October > Over 10 Million Android Users Targeted With Premium SMS Scam Apps

Over 10 Million Android Users Targeted With Premium SMS Scam Apps
2021-10-26 22:03

A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge.

The premium SMS scam campaign - dubbed "UltimaSMS" - is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, with most of the fraudulent apps downloaded by users in Egypt, Saudi Arabia, Pakistan, the U.A.E., Turkey, Oman, Qatar, Kuwait, the U.S., and Poland.

Although a significant chunk of the apps in question has since been removed from the Google Play Store, 82 apps continued to remain available in the online marketplace as of October 19, 2021.

It all starts with the apps prompting users to enter their phone numbers and email addresses to gain access to the advertised features, only to subscribe the victims to premium SMS services that can charge north of $40 per month depending on the country and mobile carrier.

"Instead of unlocking the apps' advertised features, which users might assume should happen, the apps will either display further SMS subscriptions options or stop working altogether," Avast researcher Jakub Vávra said.

Aside from uninstalling the aforementioned apps, users are recommended to disable the premium SMS option with the carriers to prevent subscription abuse.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/i0ZBZ5Rpq3M/over-10-million-android-users-targeted.html