A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge.
The premium SMS scam campaign — dubbed "UltimaSMS" — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, with most of the fraudulent apps downloaded by users in Egypt, Saudi Arabia, Pakistan, the U.A.E., Turkey, Oman, Qatar, Kuwait, the U.S., and Poland.
Although a significant chunk of the apps in question has since been removed from the Google Play Store, 82 of them have continued to remain available in the online marketplace as of October 19, 2021.
It all starts with the apps prompting users to enter their phone numbers and email addresses to gain access to the advertised features, only to subscribe the victims to premium SMS services that can charge north of $40 per month depending on the country and mobile carrier.
"Instead of unlocking the apps' advertised features, which users might assume should happen, the apps will either display further SMS subscriptions options or stop working altogether," Avast researcher Jakub Vávra said.
Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!Save My Seat!
The UltimaSMS adware scam is also notable for the fact that it's distributed via advertising channels on popular social media sites such as Facebook, Instagram, and TikTok, luring unsuspecting users with what the researchers say are "catchy video advertisements."
Aside from uninstalling the aforementioned apps, users are recommended to disable the premium SMS option with the carriers to prevent subscription abuse. "Based on some of the user accounts that left negative reviews, it looks like children are among the victims, making this step especially important on children's phones, as they may be more susceptible to this type of scam," Vávra said.