Online Security

Project UltimaSMS – The new Premium SMS Scam Apps

Android phones can be very convenient as they allow you to download anything from whatever source you want. However, with convenience comes vulnerability since malware can easily make its way to your device without you even noticing.

In some cases, even Google Play Store can’t detect malware, which brings us to the latest incident featuring SMS scam apps. According to a global fraud campaign, more than 150 malicious Android apps targeted users to trick them into subscribing to premium services without their consent.

What’s worrying is that the apps came from Google Play Store, which raises three questions: What are the apps? How did they end up on the Play Store? And how many were affected? Everything you need is presented below.

Project UltimaSMS – Your Android is at Risk

A fraud campaign that goes by the name of UltimaSMS included around 151 malicious Android apps that are used to trick consumers into paying for premium subscription services without knowing.

The worst thing about this is that the apps have over 10.5 million downloads, which indicates how big the damage is.

UltimaSMS kicked off sometime in May 2021 and it involved apps in a variety of categories. We’re talking video/photo editors, keyboards, camera filters, spam call blockers, games, as well as QR code scanners.

Apparently, users in big countries such as Egypt, Kuwait, the United States, KSA, Pakistan, the UAE, Turkey, Oman, Qatar, and Poland showed the most interest.

UltimaSMS Countries

Throughout the campaign, Google managed to remove almost half of these fraudulent SMS scam apps. However, around 82 of them were still present back on October 19th, 2021.

Here’s how this works. The apps opt the users to submit their phone numbers and email addresses in order to obtain access to the offered features.

SMS Scam Apps - The Actual App

That’s what occurs on the surface. In the background, however, the apps have the victims subscribe to premium SMS services that cost up to $40 a month – based on the country and the cell carrier.

Once the scam takes place, users will unblock no additional features. Instead, the apps will either present more options for SMS subscriptions or stop working altogether.

SMS Scam Apps

Oh, the app is definitely working, but not in the way you want it to. It’s harvesting your money while you remain in the dark.

Researchers at Avast Have Something to Say!

Most of these apps attracted users through ads on popular social media platforms such as Facebook, Instagram, and TikTok.

According to Avast researcher Jakub Vávra, there are a lot of negative reviews on Google Play Store.

Not only that, but he made it clear that it’s important to check the phones of those at a young age as they’re the most susceptible to such scams:

“From some user accounts who have left negative reviews, it appears that children are among the victims, which makes this step particularly important on children’s phones, as they may be more susceptible to this type of scam.”

Moreover, Jakub Vávra also recommended a couple of steps to ensure that you don’t fall victim to these kinds of scams. What you need to do is the following:

  • Always check the reviews on Google Play Store before you install an application.
  • Never submit your personal information unless you trust the app.
  • Always check what your children are downloading as catchy video ads can grab their attention easily.
  • Check the Privacy Policy and Terms of Service.
  • Never download an app from a third-party source. Stick to the official Store. (Even though the apps were available on Google Play, they since have been removed).

If you follow the advice given by experts such as Avasts’, you’ll minimize the risks of installing such apps on your device.

UltimaSMS – A Cam-pain in the Wallet

Such attacks and scams are not new at all – they just resurfaced. UltimaSMS‘ risk has been totally removed by Google Play Store, but the SMS scam apps remain available elsewhere.

All you have to do is avoid such applications and take the proper precautions before downloading any app in the future. It’s serious – your private information and money are at risk.

Jonathan Beesly

Jonathan is the main author at He regularly publishes posts that aim to introduce better cyber-security practices to the masses.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button