Google just banned 151 different apps that were all part of a scam campaign called “UltimaSMS.”
Before Google deleted them, the apps had been collectively downloaded more than 10.5 million times, so it’s worth checking your phone to make sure you don’t have any of them on your own device.
The apps look like they offer a wide range of perfectly normal uses, from video and photo editors to spam call blockers to games. It’s another reminder to anyone on the internet to be wary of downloading anything, even from a perfectly mainstream source like the Google Play store.
The List of Fraudulent Apps
Here’s a partial list of actual app names that can give you an idea of the general vibe these apps are going for. I’d describe it as “a jumble of far-too-innocent-looking buzzwords.”
- Ultima Keyboard 3D Pro
- VideoMixer Editor Pro
- NewVision Camera
- Wi-Fi Password Unlock
- GT Sports Racing Online
- Fitness Ultimate 2021
The entire list of 151 app names is available online as well, courtesy of cybersecurity software company Avast. Flip through it to see if you recognize any. The apps have been advertised on Facebook, Instagram, and TikTok to lure in more victims.
Once one of these UltimaSMS apps is installed, it’ll use its access to your phone’s location to guess your language and area code. Then, it’ll use that to phish for additional information, including your phone number or email address.
There’s a (very thin) silver lining to this particular scam, which is that you won’t have to worry about common internet threats like ransomware or identity theft. These apps just want your money.
Double Check Your Phone Bill
The point of the swindle? Charging customers through the nose for apps that won’t even work. Most of the apps charge a weekly price that’s the maximum amount allowed by the Google Play store in whichever country the customer lives in.
Here’s how Avast explains it in a recent blog post about the scam app campaign:
“Upon entering the requested details, the user is subscribed to premium SMS services that can charge upwards of $40 per month depending on the country and mobile carrier. Instead of unlocking the apps’ advertised features, which users might assume should happen, the apps will either display further SMS subscriptions options or stop working altogether. The sole purpose of the fake apps is to deceive users into signing up for premium SMS subscriptions.”
Some of the apps include the fine print explaining their cost, but others don’t, leaving the scammed users in the dark about their new phone bill upcharges. If you’ve been targeted, you’ll likely need to contest the charges with your credit card provider in addition to deleting the app itself.
Staying Safe Online
As always, the internet remains a wretched hive of scams and villainy, even on the relatively well-cultivated Google Play store. Before downloading anything, check reviews from a trusted third-party source to make sure someone has vetted that particular app.
VPNs won’t save you from scam apps, but there is one tech tool that will help a lot: A good password management service will autofill passwords and suggest strong new ones every time you need to start a new account online. This saves you from the understandable urge to re-use the same password more than once, and ensures that even if you get scammed, the login information that the scammer swipes won’t allow them to break into any more important accounts.
Our top picks for Android password management are LastPass and 1Password, but whatever you wind up with, just remember: Check your phone bill regularly for unexpected $40-a-month charges.