According to Bleeping Computer, researchers at Avast recently uncovered a massive fraud campaign in which threat actors used 151 Android apps to tie users to premium subscription plans without their knowledge.
The apps included fake discount apps, games, custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters and others.
When the apps are first launched, the app uses data from the smartphone, such as location and IMEI, to adjust its language to the country after which it asks users to enter their mobile phone number and email address to access the features of the program.
Using the app, which has access to a user’s phone number and other required permissions, the app then subscribes the victim to a $40 a month SMS service from which the scammers receive a cut as affiliate partners.
By using a large number of apps for the fraud campaign called “UltimaSMS” help the scammers maintain a constant flow of unsuspecting victims, although the constant reporting has led Google to remove some of the apps. Google has now removed 80 related apps identified by Avast researchers.