The campaign was detected by Avast researchers, who dubbed it ‘UltimaSMS’, and also reported 80 related applications on the Google Play Store.
Despite the fact that Google promptly deleted the applications, the scammers are likely to have made millions of dollars in fake membership payments.
The threat actors used 151 Android applications masquerading as discount apps, games, custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and more to carry out the UltimaSMS campaign.
How Does the Scam Work?
When one of these applications is started for the first time, it uses data from the smartphone, such as the location and IMEI, to change its language to match the local language.
To use the program’s functionality, the user would be prompted to input their cell phone number and email address.
After obtaining the victim’s phone number and being granted the necessary permissions, the app enrolls the victim in a $40 a month SMS service, from which the scammers profit as an affiliate partner.
The designers of these programs have built a mechanism that charges the victim the highest amount feasible based on their location.
As thoroughly explained by BleepingComputer, despite the fact that most of these applications don’t