Photo editors, camera filters, and other games and apps promoted through Instagram and TikTok channels, 151 in total. All are fake or, worse, scams. All were on the Android Play Store.
Last week, 80 apps were reported in one fell swoop as belonging to a premium SMS scam campaign, which charges victims for expensive services in order to extort money from unsuspecting users and take money from their credit cards, Poste Pay, and the like.
All the applications are part of the UltimaSMS campaign, consisting of 151 apps available for download on the Google Play Store, already downloaded by 10.5 million users, and almost identical in structure and functionality.
Fake apps: the process of extorting money from unfortunate users
They are basically copies of the same fake app, used to spread the premium SMS scam campaign. “This leads me to believe that there is a bad actor or band behind the whole campaign.” So writes blog.avast.com, which reports on 80 of the 151 apps involved. “I called the campaign ‘UltimaSMS’, because one of the first apps I discovered was called Ultima Keyboard 3D Pro. The fake apps I found fall into a wide range of categories, such as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters and games, among other things.”
UltimaSMS appears to be a global campaign: according to statistics from Sensor Tower, a marketing intelligence and statistics company for mobile apps, the apps capable of extorting money from Internet users have been downloaded by users in more than 80 countries, mainly in the Middle East: Egypt, Saudi Arabia, Pakistan, as well as the United States and Poland.
Avast tracked the first samples of UltimaSMS in May 2021, and new campaign samples were released earlier this month, which means the scam is still going on. The process is a classic one.
When a user installs one of the applications, the app checks the device's location, IMEI (International Mobile Equipment Identity) and phone number to determine which country and language code to use for the scam. Once the user opens the app, a screen in the language the device is set to asks them to enter their phone number and, in some cases, email address to access the app’s stated purpose.
“The apps discovered are essentially identical in structure,” Avast researchers note, “and the profiles provide captivating pictures and descriptions of the attractive applications, with very high reviews.” However, upon closer examination, the privacy data and core developer profiles are very generic. “They also tend to get many negative reviews from users who correctly identified the apps as scams and,” Avast concludes, “fell for the scam.” Google has removed the 151 apps, but who knows how many more there are likely to be. So keep your eyes open and your guard up: before pressing OK, read the information carefully.