Summary

Researchers at Avast have found out 151 apps that are downloadable from Google Play Store are part of the UltimaSMS campaign. It been recorded that these have been download more than 10.5 million times.

“The fake apps I found feature a wide range of categories such as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, among others. UltimaSMS appears to be a global campaign, as according to insights from Sensor Tower, a mobile apps marketing intelligence and insights company, the apps have been downloaded by users from over 80 countries.” Stated Jakub Vávra from Avasta

When the app is first launch data such as the location, IMEI, country code, language is captured. Then it’s asked to enter their phone number and email address to gain access to features. With the phone number and the permission, the victim is subscribed to a $40 per month SMS service depending on the country and mobile carrier.

“Once subscribed, the premium SMS are charged weekly and, from what I can tell, appear to be the maximum possible amount that can be charged in the country the user is from. Many countries limit the amount of premium SMS charges that can occur within a week. The user may be notified by their carrier of the excessive charges, but they could also go unnoticed for weeks or months. Affected users may dismiss the apps as nonfunctional and uninstall them, however, the SMS charges will continue and could amount up to an unpleasant sum.” Further mentioned Jakub Vávra from Avasta

Find the List of app used on the campaign

Recommendation by Avasta

• Remain vigilant
• Disable premium SMS option with your carrier.
• Carefully check reviews.
• Don’t enter a phone number unless you trust the app.
• Read the fine print before entering details.
• Stick to official app stores

Reference

• https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast