Avast has detected fraudulent applications using premium SMS on Google Play

Security company Avast revealed more than 150 fraudulent applications using premium SMS within the “UltimaSMS” campaign. Victims can come up to $ 40 a month depending on location and mobile operator.

Fraudulent applications were advertised on TikToku and Instagram

More than 80 apps were still available for download in the Google Play Store last week. These applications have already been removed from the store after being reported to Google’s security team. According to information from the Avast mobile threat research platform Apklab.io, the remaining 70 applications have been removed from the store in the past.

Applications were expected to have more than 10 million downloads. They were mainly downloaded by users in the Middle East, Egypt, Turkey, the USA and Poland. Czechs and Slovaks are also deceived. According to the data Sensor Tower applications were promoted by ads on social networks such as TikTok and Instagram. They pretended to be customized keyboards, QR code scanners, video and photo editors, spam blockers, camera filters and games.

After downloading the application, they will check the location of the user’s device, IMEI and phone number. This will help them determine the language in which the scam should appear. After opening the application, the user is asked to enter their phone number or e-mail address. However, by entering their personal data, they subscribe to premium SMS, which in some cases is even described in small print in the text below the Consent button.

All applications are almost identical in terms of operation, so we think that the campaign is behind a single perpetrator or a group of attackers. The person or people behind the UltimaSMS campaign seem to be very eager for money, as they also promote applications through TikTok, Instagram and Facebook, which also speaks to the size and impact of this particular strain of fraudulent malware.

Jakub Vávra, threat analyst at Avaste

How to prevent similar scams?

Jakub Vávra recommends that mobile phone users deactivate premium SMS from their operators, unless they absolutely need them. Users should also carefully review their reviews before downloading any application, as fraudulent applications often have higher rating averages but poorly written reviews, which is a clear warning signal.

Users should avoid entering personal information such as telephone numbers or email addresses. At the same time read the terms and conditions, which are often written in small print. Finally, Vávra warns against downloading applications from unofficial sites. Many of the applications that Avast has discovered are still available online outside of the Google Play store.