Avast researchers discovered the campaign, dubbed ‘UltimaSMS,’ and reported 80 associated apps found on the Google Play Store. While Google quickly removed the apps, the malicious actors  are likely to have accumulated millions of dollars in false subscription charges.

The UltimateSMS campaign was carried out by threat actors using 151 Android apps that pretended to be discount apps, games, custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters and other things.

When you first launch one of these apps, use data from the smartphone such as the location and IMEI to change the language to match the country. To access the program’s features, the app would then prompt the user to enter their mobile phone number and email address.

Avast’s Analysis that , “Upon entering the requested details, the user is subscribed to premium SMS services that can charge upwards of $40 per month depending on the country and mobile carrier. Instead of unlocking the apps’ advertised features, which users might assume should happen, the apps will either display further SMS subscriptions options or stop working altogether.”

The fake apps primary intention  is to trick users into signing up for premium SMS subscriptions. While some of the apps include fine print informing users of this, not all of them do, which means that many people who entered their phone numbers into the apps may not be aware that the extra charges to their phone bill are related to the apps.

According to Sensor Tower, the most affected countries are Egypt, Saudi Arabia, Pakistan, and the UAE, all counting over a million victimized users. In the U.S., the number of infected devices is 170,000.

How to Avoid UltimaSMS Scams and Other Similar Scams

  1. Maintain awareness when installing new apps
  2. Disable the premium SMS option with your carrier.
  3. Examine the reviews thoroughly.
  4. Entering a phone number is only safe if you trust the app.
  5. Before entering any information, make sure to read the fine print.
  6. When downloading apps, only use official app stores.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1, Linkedin handle @linkedin

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s