Scam apps have always been a popular tool used by hackers and scammers to gain access to people’s smartphones. Therefore, it came as no surprise that more fake apps had been discovered on Google Play which sign the user up to very expensive SMS services.
The scam, named UltimaSMS, was found to be used by 150 different apps and is estimated to have been downloaded over 10 million times by users across the world. These apps were designed to look and act exactly like a normal app, often as a utility function app such as photo editors, QR scanners and even games.
What Android apps do I need to delete now?
The full list of Fake Apps removed from Google Play Store.
How did the UltimaSMS scam work?
On a closer inspection by Avast, the cybersecurity company that identified the scam, all the differing apps were using the same base structure, so it appears that this structure had been copied across the range of apps, then adapted to for each type of app function.
The malware’s function was extremely sophisticated in the way it would initially start. It was designed to identify specific information such as location, area code and IMEI that would allow it to select the correct language to use.
The user was then prompted to enter an email address or mobile number, which, once completed, would sign up the user to the premium SMS service. At this point the app would either prompt the user to sign up for additional subscriptions or just stop working altogether. The user was then charged the amount each week.
In a statement released by Avant, they illustrate why people would fall victim to this fake app scam:
“The apps discovered are essentially identical in structure, meaning the same base app structure is repurposed numerous times. These copies are disguised as genuine apps through well-constructed app profiles on the Play Store. The profiles feature catchy photos and enticing app descriptions alongside high review averages. However, upon closer inspection, they have generic privacy policy statements and feature basic developer profiles including generic email addresses. They also tend to have numerous negative reviews from users that correctly identified the apps as scams or have fallen for the scam”.
How to avoid scam apps
The frequency that hackers release new fake apps is increasing and Google takes time to assess and identify whether the apps pose a security and privacy risk.
To eliminate the risk of fake apps the first option is to not download any apps in the first place. Alternatively, you can switch your smartphone to the Blackphone PRIVY 2.0.
The security and risk mitigation measures that have been taken with PRIVY 2.0’s dedicated apps ensure that you will not be exposed to hackers and scammers that place malware in their apps.
For example, messaging apps have long been associated with scams and hacks, so the Blackphone PRIVY 2.0 includes the PRIVY Chat and PRIVY Vault privacy and security features. These additions guarantee the security and privacy of your communications. The Blackphone PRIVY 2.0 is provided with these state-of-the-art applications for secure communications and file storage preloaded.
The Blackphone PRIVY 2.0 provides everything you need from a smartphone: security, functionality, and privacy, whilst mitigating the risk from hackers and scammers.
Read more about the Blackphone PRIVY 2.0, or call our Sales Team on +44 (0)871 666 9 666.