Android Users Targeted in Subscription Fraud Campaign

According to Bleeping Computer, researchers at Avast recently uncovered a massive fraud campaign in which threat actors used 151 Android apps to tie users to premium subscription plans without their knowledge.

The apps included fake discount apps, games, custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters and others.

When the apps are first launched, the app uses data from the smartphone, such as location and IMEI, to adjust its language to the country after which it asks users to enter their mobile phone number and email address to access the features of the program.

Using the app, which has access to a user’s phone number and other required permissions, the app then subscribes the victim to a $40 a month SMS service from which the scammers receive a cut as affiliate partners.

By using a large number of apps for the fraud campaign called “UltimaSMS” help the scammers maintain a constant flow of unsuspecting victims, although the constant reporting has led Google to remove some of the apps. Google has now removed 80 related apps identified by Avast researchers.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web