The campaign was detected by Avast researchers, who dubbed it ‘UltimaSMS’, and also reported 80 related applications on the Google Play Store.

Although Google promptly deleted the applications, the scammers are likely to have made millions of dollars in fake membership payments.

The threat actors used 151 Android applications masquerading as discount apps, games, custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and more to carry out the UltimaSMS campaign.

How Does the Scam Work?

When launched for the first time, each of these apps uses data from the smartphone, such as the location and IMEI, to change its language to match the local language.

To use the program’s functionality, the user would be prompted to input their cell phone number and email address.

Once the app has the victim’s phone number and the necessary permissions have been granted, it enrolls the victim in a $40 a month SMS service, from which the scammers profit as an affiliate partner.

The designers of these programs have built a mechanism that charges the victim the highest amount feasible based on their location.

As thoroughly explained by BleepingComputer, although most of these applications don’t provide the stated functionality and have received several negative ratings on the Google Play Store, their authors became successful only due to the sheer volume of submissions.

By deploying such a huge variety of applications for the ‘UltimaSMS’ campaign, the fraudsters were able to maintain a steady intake of victims and keep their presence on the Play Store despite Google’s regular reporting and take-down action.

It seems that Egypt, Saudi Arabia, Pakistan, and the United Arab Emirates are the most affected nations, with over a million customers affected in each.

What Can Users Do to Protect Themselves?

Deleting the app prevents new subscriptions, but it does not prevent existing subscribers from being charged again. To avoid future costs, users should contact their carrier and request that all SMS subscriptions be canceled.

Author Profile

Dora Tudor

Cyber Security Enthusiast

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.