Consumers have been duped and billed for premium subscription plans without their knowledge or consent via 151 scam Android apps with 10.5 million downloads.
The premium “UltimaSMS” SMS scam reportedly started in May 2021 and involved a wide range of applications, such as keyboards, QR code scanners, video and image editors, unwanted call blockers, camera filters and games. A significant proportion of illegitimate apps were installed by users in Pakistan, Saudi Arabia, Egypt, United Arab Emirates, United States, Poland, and various parts of the Middle East.
The scam begins when the apps request the users’ phone numbers and email addresses in order to access the features of the apps. However, users were forced to spend on premium SMS services, costing over $ 40 (around Rs 3,000) per month, depending on location and mobile operator.
While a large majority of these worrying apps had been removed from the Google Play Store, 82 apps were still active as of October 19, 2021.
According to the researchers, the deception of the UltimaSMS adware is particularly distinct. It is disseminated through marketing networks on widely used social media sites such as Facebook, Instagram, and TikTok. They attract unsuspecting victims with “eye-catching video ads”.
To avoid subscription fraud, users are recommended to terminate premium SMS service with operators as well as uninstall associated applications.
Experts explained that rather than unlocking the indicated functions of the applications; they show additional SMS subscription options or stop working altogether.
“From some of the user accounts that left negative reviews, it appears that children are among the victims, which makes this step particularly important on children’s phones, as they may be more susceptible to this type of problem. ‘scam,’ said an analyst called Jakub. Vávra with cybersecurity company Avast revealed.