Users were unwittingly subscribed to expensive subscription services in a large fraud effort involving 151 Android apps with 10.5 million downloads.
Avast researchers identified the campaign, which they named ‘UltimaSMS,’ and located 80 related apps on the Google Play Store.
Despite the fact that Google promptly removed the apps, the scammers are likely to have made millions of dollars in fake membership charges.
-It all begins with a telephone number:
The threat actors used 151 Android apps that appeared to be discount apps, games, custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and more to carry out the UltimateSMS campaign.
Use data from the smartphone, such as the location and IMEI, to change the language to match the country when starting one of these apps for the first time.
To use the program’s functionality, the user would be prompted to input their cell phone number and email address.
After obtaining the victim’s phone number and granting the necessary permissions, the app enrols the victim in a $40 a month SMS service, from which the scammers profit as an affiliate partner.
The authors of these programmes have built a mechanism that charges the victim the most amount feasible based on their location, according to Avast’s investigation.
Despite the fact that most of these apps don’t provide the stated functionality and have received several negative ratings on the Play Store, their authors have found success due to the sheer volume of submissions.
The scammers were able to maintain a steady influx of victims and keep their presence on the Play Store despite Google’s constant reporting and take-down action by deploying such a huge variety of apps for the ‘UltimaSMS’ campaign.
According to Sensor Tower, Egypt, Saudi Arabia, Pakistan, and the United Arab Emirates are the most afflicted countries, with over a million customers affected in each. There are 170,000 infected devices in the United States.