Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills.

Jakub Vavra from the threat operations team of security firm Avast uncovered the campaign, which he dubbed UltimaSMS because one of the first apps he discovered being used to scam people was called Ultima Keyboard Pro, he said in a blog post published Monday.

Essentially, the campaign - which appears to have started in May and is ongoing - is comprised of at least 151 apps that at one point or another have been available on the Google Play Store; collectively, they’ve been downloaded more than 10.5 million times.

“The fake apps I found feature a wide range of categories such as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, among others,” Vavra wrote in the post.

All of the offerings are “essentially copies of the same fake app used to spread the premium SMS scam campaign,” Vavra explained, which he said likely indicates that one bad actor or group is behind the entire campaign.

Google has since removed the flagged apps from the store, but there are likely others, he said; indeed, Google Play persistently has been plagued by fake apps spreading malware.

While the apps are advertised with profiles that seem legitimate, closer inspection points to something more suspicious, Vavra observed. For instance, they tend to include generic privacy policy statements and feature basic developer profiles including generic email addresses, as well as numerous negative reviews that identify them as fraudulent.

Citing insights from mobile marketing intelligence firm Sensor Tower, he said the campaign appears to be global, ensnaring users from more than 80 countries.

“The apps have been most downloaded by users in the Middle East, such as Egypt, Saudi Arabia, Pakistan, followed by users in the U.S.