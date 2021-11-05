Google Confirms That a Horrible New Scam Is Originating in the Google Play Store.

Google has acknowledged that millions of Android users in 80 countries have downloaded Play Store-approved harmful malware disguised as legal apps, unaware that they contain scams that fool users into activating premium SMS subscriptions that charge consumers up to $40 monthly.

Following the scam’s discovery, cybersecurity firm Avast published a blog post detailing threat actors’ and hackers’ new methods of operation. UltimaSMS is a fraud campaign that comprises of 151 apps that were once available for download on the Google Play Store.

These apps have been downloaded over 10.5 million times and are basically clones of the same bogus apps that spread the premium SMS scam previously. The “false apps I discovered” include “custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, among other things,” according to the blog post.

“Those in the Middle East, such as Egypt, Saudi Arabia, and Pakistan, have downloaded the most apps, followed by users in the United States and Poland. The first UltimaSMS samples were discovered in May 2021, and new samples from the campaign were disclosed earlier this month, indicating that the scam is still active “Avast has been added.

What is the mechanism behind this ruse? When a user downloads one of the apps, it examines the user’s location, International Mobile Equipment Identity (IMEI), and phone number to determine their country area code and language. When the user first launches the app, a screen appears with a message in the localized language asking them to enter their phone number or email address in order to use it.

A subscription to premium SMS services with monthly fees of up to $40 is activated as soon as the customer supplies the requested information.

“Rather than accessing the apps’ claimed functionality, as users might expect,” Avast explained, “the apps will either present further SMS subscriptions alternatives or cease working completely.”

The report was confirmed by Google, and all 151 fraudulent apps were removed from the Play Store. This will ensure that new users are not duped by the UltimaSMS hoax. Those who have already downloaded these apps will be in danger until they delete them and notify their carriers, who will then deactivate all premium SMS messages.

Consumers can look through Avast’s comprehensive list for a complete list of all 151 apps.