{"id":3534,"date":"2021-10-26T17:58:49","date_gmt":"2021-10-26T12:28:49","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3534"},"modified":"2021-10-26T17:58:50","modified_gmt":"2021-10-26T12:28:50","slug":"fraud-subscription-campaign-targeted-million-of-android-users","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/","title":{"rendered":"Fraud Subscription Campaign targeted Million of Android Users"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">An enormous fraud operation using 151 Android applications with 10.5 million downloads was utilized to subscribers users to premium subscription services without even knowing them.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Security Investigators at Avast founded the operation, naming it \u2018UltimateSMS,\u2019 and reported 80 correlated applications that they discovered on the Google Play Store. While Google immediately removed the applications, the fraudsters likely assemble millions of dollars in fraudulent subscription charges.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>It appears along with the Phone Number<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">The attackers initiated the UltimateSMS operations via 151 Android applications that were assumed to be discount applications, games, and custom keyboards, QR code scammers, video and photo editors, spam call blockers, camera filters, and more.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">When launching one of these applications for the first time, use information from the smartphone like the location and IMEI, to change its language to match the country.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The application would then prompt the user to enter their mobile phone number and email address to access the program\u2019s features.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image1-1024x593.png\" alt=\"Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image1\" class=\"wp-image-3536\" width=\"711\" height=\"411\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image1-1024x593.png 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image1-300x174.png 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image1-768x444.png 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image1-1536x889.png 1536w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image1.png 1600w\" sizes=\"(max-width: 711px) 100vw, 711px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Having the phone number and the required permissions, the application then subscribes the victim to a $40 per month SMS service from which the scammers get a cut as an affiliate partner. Security analysis also reveals that the authors of these applications have run on a system that charges the victim the maximum possible amount based on their location.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Although most of the applications do not offer the advertised functionally, and despite the various bad reviews they had on the Play Store, their creators are still researching success through the sheer volume of submissions.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">By utilizing such a large number of applications for the \u2018UltimateSMS\u2019 operations, the scammers maintained a continuous influx of victims and preserved their presence on the Play Store despite&nbsp;the constant reporting and take-down action by Google.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">As per the Sensor Tower, the most affected countries are Egypt, Saudi Arabia, Pakistan, and the UAE, all estimating over a million victimized users. In the U.S., the number of affected devices is 170,000.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"342\" height=\"276\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image2.png\" alt=\"Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image2\" class=\"wp-image-3537\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image2.png 342w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-image2-300x242.png 300w\" sizes=\"(max-width: 342px) 100vw, 342px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What should the UltimateSMS Victims do?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">While uninstalling the app will stop new subscriptions from being made, it will not prevent the existing subscription from being charged again. To avoid future charges, you need to contact your carrier and ask for a cancellation of all SMS subscriptions.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">To avoid falling victim to scams of this kind, ask your carrier to disable the premium SMS option for your account and avoid entering your phone number on apps that would not need this information. It is also strongly advised that you read reviews before installing an app, and if there is repeated negative feedback, avoid the app altogether.&nbsp; &nbsp;<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An enormous fraud operation using 151 Android applications with 10.5 million downloads was utilized to subscribers users to premium subscription services without even knowing them. Security Investigators at Avast founded the operation, naming it \u2018UltimateSMS,\u2019 and reported 80 correlated applications that they discovered on the Google Play Store. While Google immediately removed the applications, the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3538,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Fraud Subscription Campaign targeted Million of Android Users - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fraud Subscription Campaign targeted Million of Android Users - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"An enormous fraud operation using 151 Android applications with 10.5 million downloads was utilized to subscribers users to premium subscription services without even knowing them. Security Investigators at Avast founded the operation, naming it \u2018UltimateSMS,\u2019 and reported 80 correlated applications that they discovered on the Google Play Store. While Google immediately removed the applications, the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-26T12:28:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-10-26T12:28:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Fraud Subscription Campaign targeted Million of Android Users\",\"datePublished\":\"2021-10-26T12:28:49+00:00\",\"dateModified\":\"2021-10-26T12:28:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/\"},\"wordCount\":434,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/\",\"url\":\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/\",\"name\":\"Fraud Subscription Campaign targeted Million of Android Users - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-10-26T12:28:49+00:00\",\"dateModified\":\"2021-10-26T12:28:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fraud Subscription Campaign targeted Million of Android Users\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Fraud Subscription Campaign targeted Million of Android Users - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/","og_locale":"en_US","og_type":"article","og_title":"Fraud Subscription Campaign targeted Million of Android Users - Xiarch Solutions Private Limited","og_description":"An enormous fraud operation using 151 Android applications with 10.5 million downloads was utilized to subscribers users to premium subscription services without even knowing them. Security Investigators at Avast founded the operation, naming it \u2018UltimateSMS,\u2019 and reported 80 correlated applications that they discovered on the Google Play Store. While Google immediately removed the applications, the [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-10-26T12:28:49+00:00","article_modified_time":"2021-10-26T12:28:50+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/10\/Fraud-Subscription-Campaign-targeted-Million-of-Android-Users-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Fraud Subscription Campaign targeted Million of Android Users","datePublished":"2021-10-26T12:28:49+00:00","dateModified":"2021-10-26T12:28:50+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/"},"wordCount":434,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/","url":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/","name":"Fraud Subscription Campaign targeted Million of Android Users - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-10-26T12:28:49+00:00","dateModified":"2021-10-26T12:28:50+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/fraud-subscription-campaign-targeted-million-of-android-users\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Fraud Subscription Campaign targeted Million of Android Users"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3534"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3534"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3534\/revisions"}],"predecessor-version":[{"id":3539,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3534\/revisions\/3539"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3538"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}