Attackers are leveraging 151 malicious Android apps, with a combined 10.5 million downloads, to rope users into premium SMS subscription services without their knowledge or consent.
The campaign has been dubbed "UltimaSMS" and is believed to have started in May 2021. The apps span a wide range of categories, including keyboards, QR code scanners, spam-call blockers, camera filters, and games.
The countries most affected by the campaign include Pakistan, the U.A.E., Egypt, Saudi Arabia, Turkey, Oman, the U.S., and Poland.
Most of the apps have been removed from the Google Play Store, but a few were still available as of October 19, 2021.
The apps prompt users to enter their phone numbers and email addresses in order to unlock the advertised features. Unknown to the users, that information is used to sign them up for premium SMS services that charge as much as $40 per month, depending on the country and mobile carrier.
A notable feature of the UltimaSMS scam is that it is promoted through advertising channels on popular social media sites such as Facebook, Instagram, and TikTok, using catchy video advertisements.
Users are therefore advised to uninstall all of the apps involved and to have their carriers disable premium SMS on their accounts to prevent subscription abuse. Avast researcher Jakub Vávra stated that "Based on some of the user accounts that left negative reviews, it looks like children are among the victims, making this step especially important on children's phones, as they may be more susceptible to this type of scam."