A global fraud operation has been discovered that used 151 malicious Android applications, with 10.5 million downloads among them, to trick people into paying for premium subscriptions without their consent or knowledge.
Dubbed UltimaSMS, this scam campaign started in May 2021. It included applications for keyboards, QR code scanners, video editors, picture editors, spam call blockers, camera filters, and games, among other categories.
Users in Egypt, Pakistan, Saudi Arabia, the United States, the United Arab Emirates, Turkey, Oman, Qatar, Kuwait, and Poland downloaded the malicious apps the most.
Even though a large number of the applications in question have subsequently been deleted from the Google Play Store, 82 apps were still accessible as of October 19, 2021.
The scam begins with the applications asking users for their phone numbers and email addresses to access the offered features. The victims pay for premium SMS services that may cost upwards of $40 per month depending on the country and cellular carrier.
According to Avast researcher Jakub Vávra, instead of unlocking the apps’ claimed features, as users may expect, the apps will either offer further SMS subscription options or cease to function altogether.
Researchers added that the UltimaSMS adware fraud stands out for being spread through advertising channels on prominent social media sites like Facebook, Instagram, and TikTok, enticing unwary users with “catchy video commercials.”
Users should disable the premium SMS option with their carriers and delete the aforementioned applications. Vávra said that children appear to be among the victims, based on the identities of some users who wrote unfavorable reviews, making this step especially critical for children’s phones, as they may be more susceptible to this sort of fraud.