Google recently removed 151 SMS apps from its Play Store. These apps are hidden in popular keyboard, camera filters and other utility apps. Part of the UltimaSMS campaign, these apps sign users for expensive premium SMS services. The scam apps have been discovered by cyber security company Avast, 82 of these were found on Play Store. The Avast report says that these apps were downloaded more than 10.5 million times worldwide, and were nearly identical in structure and functionality. Here’s how these apps work, steal users’ money and other details.
These apps are hidden in photo editor, camera filter, games and other apps
If you think that these apps are found as SMS apps, then you got it wrong. These fraud apps are from a wide range of categories such as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters and games, among others. Many of these apps are also advertised on Instagram and TikTok.
All apps are largely identical in structure
Secretly accessed Android user’s data including location and phone’s IMEI number
When a user installs one of these 151 apps, the app checks their location, International Mobile Equipment Identity (IMEI), and phone number. This information is then used to determine which country, area code and language to use these details to dupe the user
Stole user’s mobile number and email address to gain access to their phone
As a user opens the downloaded app, a screen prompts them to enter their phone number, and in some cases, email address to gain access to the app’s advertised purpose.
These apps subscribe users to premium SMS service without their consent/knowledge
Upon entering the requested details, the user is automatically subscribed to premium SMS services. Cost of these services can go as high as $40 (approx. Rs 3,000) per month depending on the country and mobile carrier.
Affected user may or may not get notification about these charges
While some of the apps include fine print and may reflect in the final phone bill, others may not even do so. This means that many people who submitted their phone numbers into the apps might not even realize that money is being deducted from their linked financial accounts.
Users keep getting charged for the subscription even after they uninstall the app
Once subscribed, the premium SMS services will keep charging money from users’ account. Uninstalling the app may not help as the charges continue to be deducted.
These scam SMS apps have duped users in over 80 countries
As per Avast, these apps have been downloaded most by users in the UAE, Egypt, Saudi Arabia, Pakistan, the US and Poland. There are chances that some users in India too may have downloaded them.