Google Play Store is being flooded with SMS scam apps
Scammy apps also advertised on TikTok and Instagram
Criminals flooded the Google Play Store with scam applications that surreptitiously signs users into premium SMS services.
Researchers by asecurity vendor Avast discovered a campaign it has named UltimaSMS, which so far has uncovered 150 scammy apps.
According to Avast, the apps have been collectively downloaded over 10 million times, and can cost victims, who are not rewarded any type of return, upwards of $40 per month, depending on their location and mobile carrier.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
“The apps are all nearly identical in terms of how they function, which leads me to believe that a single actor or group of bad actors is behind the campaign,” said Jakub Vávra, threat analyst at Avast.
Disguised as legitimate apps
Avast’s research has revealed that the apps disguise themselves as custom keyboards, QR code scanners, video editors and photo editors, spam call blockers, camera filters, and mobile games, among others.
Vávra says the apps promote themselves via ads on social media networks, such as TikTok and Instagram, which he believes is a telling sign about the size and impact of this particular campaign.
Once downloaded, the apps check the users’ device location, IMEI, and phone number to determine in which language to display the scam.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“The apps are disguised as genuine apps through well constructed app profiles on the Play Store….However, when taking a closer look, they have generic privacy policy statements, feature basic developer profiles including generic email addresses,” explains Vávra.
Avast reported the scammy apps to Google’s Security Team, which resulted in their swift removal from the Play Store.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.