
UltimaSMS Adware Scam exploits millions of Android smartphones


The UltimaSMS Adware scam uses Android apps to trick users into signing up for premium SMS services that can cost up to $40 per month depending on their cell carrier and location.

Avast researchers found a global SMS fraud campaign that used 151 malicious Android apps with a total of 10.5 million downloads.

Scammers are attempting to subscribe unsuspecting individuals to premium subscription services without their knowledge. Users in the following countries have downloaded these phoney apps:

  • Egypt
  • Oman
  • Qatar
  • Turkey
  • Kuwait
  • Pakistan
  • Saudi Arabia
  • United Arab Emirates
  • United States of America

Figure: Number of downloads per country (Image: HackRead)

Avast researchers have named the campaign UltimaSMS. It is spread primarily through Android apps available on the Google Play Store. The name comes from the first app the researchers found being used in this scam, Ultima Keyboard 3D.

According to reports, the campaign has been running since May 2021. It largely consists of programmes ranging from QR code scanners and virtual keyboards to photo and video editors, camera filters, online games, and spam call blockers, among other categories.

After a malicious app is installed on a device, it checks the user’s location and the phone’s IMEI number to determine the country code and the language in which to address the user, according to Avast researcher Jakub Vávra.

The user is then prompted to provide their email address and phone number in order to gain access to the app’s stated capabilities. Submitting these details, however, enrols the victim without their knowledge in premium SMS services, which can cost up to $40 per month depending on their mobile provider and area.

“The sole purpose of the fake apps is to deceive users into signing up for premium SMS subscriptions. While some of the apps include fine print describing this to users, not all of them do, meaning many people who submitted their phone numbers into the apps might not even realize the extra charges to their phone bill are connected to the apps,” Vávra noted in their blog post.

Hundreds of apps have been removed from the Google Play Store.

According to Avast researchers, customers from more than 80 countries were subscribed to premium SMS services via at least 151 Android apps.

A large number of these fraudulent apps have been removed from the Play Store. However, as of October 19, 2021, approximately 82 apps were available for download on internet marketplaces.

According to reports, this adware scam is also spread via advertising channels on popular social media platforms such as Facebook, TikTok, and Instagram, where users are enticed to download the apps by eye-catching video commercials.