
Scam apps are a dime a dozen, but most of the time you find them on shady websites in the form of APKs. However, researchers have discovered a new scam on Android called CallPhantom that has made its way into several apps on the Google Play Store.
CallPhantom scam worms its way onto Android
ESET researchers discovered as many as 28 fraudulent apps on the Google Play Store. The report says that these apps marketed themselves as call log tools and claimed they could provide the call history “for any number.” The pitch plays on people’s emotions, especially those who have an ex they can’t get over, a partner they suspect could be cheating, and so on.
What’s worrying is that this CallPhantom scam might have affected millions of Android users. Based on their findings, the researchers estimate that these apps have been downloaded more than 7.3 million times.
So, how did people get scammed? To access the app’s features, you have to pay. However, once people paid, they quickly realized that the app did not perform as advertised. The researchers dug into the app’s code and found that all it did was generate fake phone numbers and names to give the impression that it was working.
It “works” because unless you absolutely know the other person, it would be impossible for you to know who they’ve really been in contact with, which means that at a glance these names and numbers look somewhat believable. The good news is that Google seems to have removed these apps. Also, as the researchers point out, the app doesn’t request sensitive permissions.
This means that it’s really just a scam, not some kind of malware campaign designed to steal credit card numbers or personal information.
What to do if you got scammed?
Interestingly enough, some of the apps the researchers found used Google Play’s official billing system. This means that if you were tricked into paying for the service, you’re covered by Google’s refund protection.
However, some of the apps relied on third-party apps for payment. If that’s the case, you might need to contact your bank or payment provider. From there, you might have to cancel your card and get a new one. The second situation is actually trickier.
The researchers say that the apps include hardcoded URLs or fetch them from a Firebase Realtime Database. This means the operator could change the payment account at any time.
The post 7 Million Android Users Got Scammed by Fake Call Log Apps on Google Play appeared first on Android Headlines.