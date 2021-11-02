Cybersecurity researchers at Avast discovered that hundreds of fraudulent premium SMS apps bypassed Play Store controls and were downloaded millions of times. This situation shows, once again, that malware in the official Android store is still a difficult problem for Google to solve.

Avast has identified 150 of them so far. Using data from Sensor Tower, the antivirus company points out that the apps in question were downloaded more than 10.5 million times by users in 80 countries. And although Google has already removed them from its store, the fraudulent campaign is still ongoing in alternative stores.

Fraudulent applications are one identical copy in structure and functionality to legitimate ones and are found in a wide range of categories. These range from custom keyboards to QR scanners and photo and video editors. However, its sole purpose is to steal money from Android users with premium SMS services.

How do they scam Android users?

Malicious Android apps have the ability to check the victim’s location and display messages in their language. So when they are first started they ask the user to enter their phone number and in some cases their email address.

Credit: Avast

Unfortunately, what the user doesn’t know is that by entering your phone number you are subscribing to premium SMS services. These have the ability to generate additional charges of more than $ 40 per month depending on the country and the mobile operator. These charges, multiplied by millions of victims, are a huge source of illicit revenue for the cybercriminals behind these types of campaigns.

Avast has compiled a list of all the applications identified as fraudulent. You can check it through this link. If you have downloaded one of these, you should immediately remove it from your Android mobile.

The bad news is that premium SMS services continue to incur additional charges even after the app is uninstalled. In this sense, it is advisable to contact the mobile phone company to deactivate the premium SMS option. This way you can avoid paying an unpleasant sum on the bill.

A threat that transcends the Play Store

It should be noted that these types of malicious applications can reach your mobile phone in different ways than your Android. You should never install apps outside of the Play Store, but since they can bypass filters, you need to carefully review reviews to reveal their true purpose.

But this is not all. Cybercriminals are very cunning. Many campaigns include ads on popular platforms like Facebook, Instagram, or TikTok. A banner or video invites you to download an app that may be fraudulent. Always be suspicious before installing them and be careful when providing your mobile number.