A photo editor, a camera filter, games and other applications promoted through Instagram and TikTok channels, 151 in total. All fake, or worse, all fraudulent. All of them in the Android Play Store.
Last week, 80 apps were reported in one fell swoop as belonging to a premium SMS scam campaign, which subscribes victims to expensive services in order to extort unsuspecting users and withdraw money from their credit cards, Poste Pay, etc.
All of the applications are part of the UltimaSMS campaign, which consists of 151 applications available for download on the Google Play Store, already downloaded by 10.5 million users and almost identical in structure and functionality.
Fake apps: the process used to extort money from unlucky users
They are basically copies of the same fake app used to spread the premium SMS scam campaign. “This leads me to believe that there is a bad actor or band behind the whole campaign.” So writes blog.avast.com, which reports 80 of the 151 applications in question. “I called the campaign ‘UltimaSMS’ because one of the first apps I discovered was called Ultima Keyboard 3D Pro. The fake apps I found have a wide range of categories like custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera and game filters, among others.”
UltimaSMS appears to be a global campaign: according to data from Sensor Tower, a marketing intelligence and mobile application knowledge company, users in more than 80 countries have downloaded applications capable of extorting money from Internet users, especially in the Middle East: Egypt, Saudi Arabia, Pakistan, but also the United States and Poland.
Avast tracked the first UltimaSMS samples in May 2021 and new campaign samples were released earlier this month, which means the scam is still ongoing. A classic process.
When a user installs one of the applications, the application checks the device's location, IMEI (International Mobile Equipment Identity) and phone number to determine which country code and language to use for the scam. Once the user opens the application, a screen, localized in the language in which the device is configured, asks them to enter their phone number and, in some cases, their email address to access the advertised purpose of the application.
“The discovered applications are essentially identical in structure – Avast researchers comment – the profiles present captivating photos and attractive application descriptions, with very high reviews.” However, on closer inspection, privacy statements and top developer profiles are too general. “They also tend to have numerous negative reviews from users who have correctly identified the applications as scams – Avast concludes – they have fallen for the scam.” Google removed the 151 apps, but who knows how many more there might be. So keep your eyes open and your guard up: before pressing OK, read the information carefully.