Subscription Fraud Campaign Targets Millions of Android Users

A recent fraud campaign has resulted in millions of Androids users losing quite a large amount of money due to them being unwittingly subscribed to premium services and the like. This fraud campaign, as per Avast, is being referred to as UltimaSMS, and over 150 Android apps that have been downloaded an excess of 10 million times in total were used to implement the fraud. This is the sort of thing that indicates a lot of security holes in the Google Play Store which seem to be popping up repeatedly despite Google’s attempts to fix things on their end.

Google has now removed the apps that were associated with this fraud, but with all of that having been said and now out of the way it is important to note that users were still defrauded of millions of dollars due to the scam being so effective. The way that these apps worked is that they posed as legitimate apps, made users put in their mobile number or email address before they could use the app and then the phone number would be used to subscribe to premium SMS services that cost users upwards of $40 per month.

This money was billed to the users’ phone companies which just goes to show how easy it is to commit fraud using these apps. The malicious actors behind this fraud campaign received a commission for every user that they signed up for the service, and they also made it so that the apps would use the language that the users used in their home country in order to make themselves a lot more legitimate.

This just goes to show how important it is to vet apps that you feel you might want to use because they can commit fraud even if they don’t have your card details to take money from you.


Read next: App Cloning Might Become Possible in Future Android Iterations
Previous Post Next Post