No matter what device you’re using, you have to be on the lookout for scams. Any email you receive, text someone sends you, or app you download could be dangerous. We can’t even go a week without a new threat popping up, and this week’s is a collection of fake Android apps on Google Play.
Cybersecurity software company Avast has been reporting on a scam campaign dubbed UltimaSMS in recent weeks. According to Avast, 151 apps were part of the premium SMS scam campaign. These fake Android apps disguise themselves as legitimate tools, from photo editors and camera filters to games and QR code scanners. Their intent is to get victims to sign up for expensive SMS services.
Fake Android apps downloaded by millions
If you install an UltimaSMS app, it will immediately check your phone’s location, IMEI, and number to figure out which country area code and language to use for the scam. When you open the app, you’ll see a screen in your language asking you to enter your phone number and/or email address.
Once you submit the information, the app will sign you up for a premium SMS service that could cost upwards of $40 a month. At this point, the app will display even more subscription options or simply stop working. You will then be charged every week by the scam service.
How are people falling for this?
Here’s why people are downloading these fake Android apps on Google Play, as Avast explains:
The apps discovered are essentially identical in structure, meaning the same base app structure is repurposed numerous times. These copies are disguised as genuine apps through well constructed app profiles on the Play Store. The profiles feature catchy photos and enticing app descriptions alongside often high review averages. However, upon closer inspection, they have generic privacy policy statements and feature basic developer profiles including generic email addresses. They also tend to have numerous negative reviews from users that correctly identified the apps as scams or have fallen for the scam.
Furthermore, the fake Android apps are being advertised on Facebook, Instagram, TikTok, and other platforms. These social media networks can’t catch everything (providing they’re even trying), so it’s up to you to assess the risk before you click on a sketchy ad for a flashy app.
Android device users have already downloaded these apps more than 10.5 million times. The good news is that Google has since banned every app that was part of this specific campaign. You should check the full list of fake apps to make sure you don’t have any on your phone. If you do find any of the apps from that list on your phone, delete them immediately.