Home / Technology / Fake Call Apps Stole Millions from Users
Fake Call Apps Stole Millions from Users
8 May
Summary
- 28 fraudulent apps on Google Play promised call history access.
- Apps generated fake data and charged $6-$80 for subscriptions.
- Most victims are in India, with Google refunding Play payments.
Security researchers at ESET have identified and reported 28 fraudulent applications on the Google Play Store. These apps collectively garnered over 7.3 million downloads worldwide. Their primary deception involved promising users the ability to access call histories, SMS records, and WhatsApp call logs for any number.
However, these applications did not deliver on their promises. Analysis revealed that the 'call history' data provided was entirely fabricated, with the apps generating random information embedded directly in their code. Users were coerced into purchasing subscriptions, with costs varying between $6 and $80, depending on the package selected.
The campaign, dubbed CallPhantom by ESET, disproportionately affected users in India. Many of these fraudulent apps pre-selected India's +91 country code and supported UPI, a payment system predominantly used in India. ESET confirmed that over 53.7% of all global detections occurred in India.
Google has since removed all 28 applications from its Play Store. Payments made through Google Play's official billing system have been cancelled and refunded. For transactions made via third-party payment providers, ESET advises users to contact their respective payment providers for reimbursement options.
