More than 10.5 million Android devices have been subjected to a massive cyberattack by UltimaSMS, it’s a premium SMS scam campaign in which the threat actors have targeted millions of users globally.
This malicious premium SMS campaign involves more than 150 fraudulent applications that forced millions of users to subscribe to expensive services without the consent of users. Through this malicious campaign, the threat actors managed to earn millions of dollars from innocent users.
All the identified apps are identical information and functionality; without any type of offer, it starts charging users more than 40 dollars a month which depends on the location and the mobile operator.
According to the Avast report , While more than 80 apps were still available on the Google Play Store, and remaining 70 apps had also previously been available on the Play Store. However, most of the apps were promptly removed by Google from the Play Store.
How do UltimaSMS scams users?
To trick and deceive users the UltimaSMS disguise itself as legitimate apps like:-
- Custom keyboards
- QR code scanners
- Photo editors
- Video editors
- Spam call blockers
- Camera filters
- Games
Through these genuine-looking apps the attackers lure the users through ads on social media platforms like TikTok, Facebook, Instagram. Through these ads users downloads these malicious apps, and the users are mainly lucarated from the countries like:-
- Egypt
- Oman
- Qatar
- Turkey
- Kuwait
- Pakistan
- Saudi Arabia
- United Arab Emirates
- United States of America
After getting downloaded it checks the following things on the victim’s device:-
- Location
- IMEI
- Phone number
Now here, they check the phone number to determine the country region and native language, they do so, to display the scam in their native language so that the scam looks legitimate.
In some cases, the scammers also asked the users to put their email addresses to use the functions announced by the application. Here, comes the real game, where the scammers turn the table, once the user submits this information, they automatically sign up for a premium SMS subscription.
How to avoid UltimaSMS?
Here the experts have recommended users follow the guidelines mentioned below:-
- Remain vigilant
- Disable premium SMS option with your carrier
- Carefully check reviews
- Don’t enter a phone number unless you trust the app
- Read the fine print before entering details
- Stick to official app stores
So, to keep yourself protected you have to follow all the above-mentioned guidelines properly, as these guidelines will not only keep you safe from UltimaSMS, but, also from other similar scams as well.
You can follow us on Linkedin, Twitter, Facebook for daily Cyber security and hacking news updates.
