Millions of Android users targeted in subscription fraud campaign


UltimaSMS subscription fraud campaign targeted over 10 million Android users

A massive fraud campaign using 151 Android apps with a combined 10.5 million downloads subscribed users to premium SMS services without their knowledge.

The campaign was discovered by researchers at Avast, who named it ‘UltimaSMS’ and reported 80 associated apps they found on the Google Play Store.

Google removed the reported apps, but by then the fraudsters had already collected millions of dollars in fraudulent subscription charges.

The threat actors ran the UltimaSMS campaign through 151 Android apps posing as discount apps, games, custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and more.

When one of these apps is launched for the first time, it reads data from the device, such as its location and IMEI, and switches its language to match the user’s country.

The app would then prompt the user to enter their mobile phone number and email address to access the program’s features.

Once it has the phone number and the permissions it asked for, the app subscribes the victim to an SMS service costing around $40 per month, from which the scammers receive a cut as an affiliate partner.

According to Avast’s analysis, the authors of these apps implemented a system that charges each victim the maximum amount possible for their location.
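An app that needs the device IMEI, its location and the ability to drive an SMS subscription has to declare the corresponding permissions in its manifest, which gives an analyst a cheap first-pass triage signal before any dynamic analysis. The script below is an added example, not code from the article or from Avast; it parses a decoded AndroidManifest.xml (for instance the one apktool writes out) and flags apps that request SMS permissions together with phone-identity or location permissions. The permission names are standard Android ones, but treating this particular combination as suspicious is the example’s own heuristic, and both manifests are constructed test inputs.

```python
import xml.etree.ElementTree as ET

# Namespace used for the android:name attribute in every manifest.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Standard Android permissions grouped by what they let an app learn or do.
# Flagging the SMS + identity/location combination is this example's own heuristic
# (an assumption about how a premium-SMS fraud app would be built), not an Avast finding.
SMS_PERMS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}
IDENTITY_PERMS = {
    "android.permission.READ_PHONE_STATE",   # IMEI on older API levels
    "android.permission.READ_PHONE_NUMBERS",
}
LOCATION_PERMS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(NAME_ATTR)
        for el in root.iter("uses-permission")
        if el.get(NAME_ATTR)
    }


def triage(manifest_xml: str) -> dict:
    """Classify a manifest: suspicious if it can touch SMS *and* identify/locate the user.

    Legitimate messaging apps also hit this rule, so treat the result as a reason to
    look closer (reviews, billing flows, network traffic), not as a verdict.
    """
    perms = requested_permissions(manifest_xml)
    hits = {
        "sms": sorted(perms & SMS_PERMS),
        "identity": sorted(perms & IDENTITY_PERMS),
        "location": sorted(perms & LOCATION_PERMS),
    }
    suspicious = bool(hits["sms"]) and bool(hits["identity"] or hits["location"])
    return {"permissions": sorted(perms), "hits": hits, "suspicious": suspicious}


# Constructed sample: a "QR scanner" that also wants SMS, phone state and location.
SUSPECT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="QR Scanner"/>
</manifest>
"""

# Constructed sample: a QR scanner that asks only for what it plausibly needs.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="QR Scanner"/>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = triage(manifest)
        print(f"{label}: suspicious={result['suspicious']} hits={result['hits']}")
```

The same rule can be applied in bulk over a directory of decoded APKs to shortlist candidates; combine it with the Play Store review signal the article mentions, since a camera-filter or QR-scanner app with SMS permissions and a wall of one-star reviews is worth pulling apart first.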

Most of these apps do not provide the functionality they advertise and have numerous negative reviews on the Play Store, but their creators still find success through the sheer volume of submissions.

By spreading the ‘UltimaSMS’ campaign across many apps, the scammers kept a steady stream of victims and preserved their presence on the Play Store despite repeated reports and takedowns by Google.

According to Sensor Tower, the most affected countries are Egypt, Saudi Arabia, Pakistan, and the UAE, which together account for over a million victimized users. In the U.S., the number of affected devices is 170,000.

Uninstalling the app stops new subscriptions from being created, but it does not cancel an existing subscription, which will keep being charged. To stop future charges, contact your carrier and ask it to cancel all SMS subscriptions on your account.

To avoid falling victim to scams of this type, ask your carrier to disable premium SMS for your account, and do not enter your phone number into apps that have no legitimate need for it.

Users are also strongly advised to read reviews before installing an app, and to steer clear of any app with repeated negative feedback.
