UltimaSMS Fraud Targetting Android Users

Researchers have uncovered a widespread premium SMS scam on the Google Play Store, tracked as UltimaSMS, the name comes from the first apps they discovered called Ultima Keyboard 3D Pro.

Threat actors used at least 151 Android apps with 10.5 million downloads from over 80 countries to subscribe victims to premium subscription services. Most of the downloads were made by users in the Middle East, such as Egypt, Saudi Arabia, and Pakistan.

Upon installing the apps, they check their location, IMEI, and phone number to determine which country area code and language to use for the scam. When the victim opens the app, it will be displayed a screen that requests to enter their phone number, and in some cases, email address to gain access to the app’s advertised service or product.

Upon entering the requested details, the user is subscribed to premium SMS services that can charge upwards of $40 per month depending on the country and mobile carrier. Instead of unlocking the apps’ advertised features, which users might assume should happen, the apps will either display further SMS subscriptions options or stop working altogether.

Once the app has obtained the required permissions, it subscribes the victim to SMS service that could cost up to $40 per month depending on the country and mobile carrier. Avast shared its findings with Google that quickly removed the apps,

Experts recommend disabling the premium SMS option for their carrier and recommend users avoid entering a phone number unless they trust the app. Mobile users are advised to read the fine print before entering details and carefully check reviews before installing an app.