An Avast researcher has discovered a massive fraud campaign that uses 151 Android apps with more than 10 million downloads to subscribe users to premium subscription services without their knowledge.
The apps have been downloaded most by users in the Middle East, such as Egypt, Saudi Arabia, and Pakistan, followed by users in the US and Poland. Avast has traced the earliest samples to May 2021, and new samples from the campaign were released earlier this month, meaning that the scam is still ongoing.
Researchers at Avast discovered the campaign, naming it ‘UltimaSMS,’ and reported 80 associated apps that they found on the Google Play Store.
How UltimaSMS scams users
When a user installs one of the apps, the app checks their location, International Mobile Equipment Identity (IMEI), and phone number to determine which country area code and language to use for the scam. Once the user opens the app, a screen localized in the language their device is set to prompts them to enter their phone number and, in some cases, their email address to gain access to the app’s advertised purpose.
Upon entering the requested details, the user is subscribed to premium SMS services that can charge upwards of $40 per month depending on the country and mobile carrier.
Instead of unlocking the apps’ advertised features, which users might assume should happen, the apps will either display further SMS subscription options or stop working altogether. The sole purpose of the fake apps is to deceive users into signing up for premium SMS subscriptions. While some of the apps include fine print describing this to users, not all of them do, meaning many people who submitted their phone numbers into the apps might not even realize the extra charges to their phone bill are connected to the apps.
Once the user is subscribed, the premium SMS is charged weekly, and the charge appears to be the maximum possible amount that can be charged in the country the user is from. Many countries limit the amount of premium SMS charges that can occur within a week. The user may be notified by their carrier of the excessive charges, but the charges could also go unnoticed for weeks or months. Affected users may dismiss the apps as nonfunctional and uninstall them; however, the SMS charges will continue and could add up to an unpleasant sum.
While uninstalling the app will prevent new subscriptions from being made, it will not prevent the existing subscription from being charged again. To avoid future charges, you need to contact your carrier and ask for a cancellation of all SMS subscriptions.
Bijay Pokharel