It’s another bad day for Android users as Google just banned over 100 apps from its popular Play Store. The latest applications that have been removed from this online marketplace have been found to contain a malicious malware called “UltimaSMS”.
This SMS text scam has been able to attract unsuspecting users to premium services that could potentially cost Android owners around $ 40 a month (£ 28). The shock fraud was discovered by technology experts at AVAST, with Google banning the applications as soon as they were informed of the threat.
However, this new block might come too late for some as the apps downloaded millions of times before they were removed.
To maximize their success, the apps have disguised themselves as popular services, including custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games. According to AVAST, the apps were also promoted through ads on social networks such as Tik Tok and Instagram, all of which have helped increase their popularity.
Once downloaded, the apps will immediately begin checking a user’s device location, IMEI, and phone number to determine what language to display the scam in. When a user opens the app, they are asked to enter their telephone number and, if necessary, their email address in order to be able to use the advertised purposes of the apps. If submitted, this step registers the user for a premium SMS subscription.
“The apps are disguised as real apps by well-designed app profiles in the Play Store. These profiles offer catchy photos with well-written descriptions and often have high rating averages. On closer inspection, however, they have general data protection declarations, basic developer profiles including general e-mail addresses, ”explains Jakub Vávra. “Despite high average ratings, many have had numerous negative ratings from users who correctly identified the apps as a fraud or who fell for the fraud. Unfortunately, based on the ratings in the app profiles, children seem prone to these scams. “
AVAST now says that Android users need to disable premium SMS options with their networks in order not to fall victim to this scam.
In addition, they advise mobile users to carefully check the ratings before downloading apps, as rogue apps often have the average ratings but poor written ratings. These should serve as red flags.
Even if an app is downloaded, it is advisable to keep personal information such as phone numbers or email addresses private and only share it with apps that you really trust.
If you are concerned about UltimaSMS, here is a full list of affected apps.