A large fraud campaign named UltimaSMS, which involves 151 Android apps, was found subscribing users unknowingly to premium subscription services. These apps were already downloaded over 10.5 million times.

The campaign

A researcher from Avast discovered a global campaign spreading fake apps for the promotion of premium SMS scam campaigns. 
  • The most targeted countries include Saudi Arabia, Egypt, Pakistan, and the UAE, all recording over a million victims. The U.S. has 170,000 infected devices.
  • The campaign is majorly being pushed via advertising channels on social media sites (Facebook, Instagram, TikTok).
  • These malicious apps pretend to be utility apps across multiple categories, such as camera filters and games.
  • The apps, through phone numbers and required permissions, subscribe victims to premium SMS services (costing about $40 per month) without their knowledge.

How does it work?

The authors of these apps have created a system that charges victims with the maximum amount possible based on their location.
  • As soon as any one of these apps is launched for the first time, the app uses data from the smartphone (location and IMEI) to find the native language and area code of the user.
  • After that, the app prompts the user to enter their phone number and email address to access the features of the program.
  • Attackers enroll users for SMS subscriptions for which they get a share from their affiliate partners.

More details

  • Most of these apps have bad reviews on the Google Play Store. Still, the authors behind these apps are successful in their scams.
  • Due to a large number of compromised apps in use, there is a steady influx of victims.
  • The fraud persisted even though the apps were reported malicious and Google has attempted to take them down.


The more time you spend exploring mobile apps, the more likely you are to come across a malicious app disguised as a legitimate one. Moreover, hackers exploiting Play Store to spread fake and malware-laden apps is not new. Such apps usually offer tempting features that users might not think of risks associated with downloading an app.
Cyware Publisher