Be sure you review your monthly phone bill for mysterious charges. A campaign has been uncovered that leveraged at least 151 different fake apps downloaded over 10 million times to sign people up for SMS subscription services. In this case, it is Android and Google play store.
Be sure you talk to your children about these things too.
It is becoming more and more common for bad actors to release software that is either legit or fake. Sadly many will install apps and give permissions without understanding what they are granting.
From an article by ThreatPost.com
“How It Works
The threat actor behind the campaign is spreading UltimaSMS with “numerous catchy video advertisements” posted on advertising channels of social-media sites like Facebook, Instagram, and TikTok, Vavra explained.
If an Android user takes the bait and installs one of the apps, it checks their location, International Mobile Equipment Identity (IMEI), and phone number to determine which country area code and language to use for the scam, according to the post.
Once the user opens the app, a screen, localized in the language their device is set to, prompts them to enter their phone number, and in some cases email address, to gain access to the app’s advertised purpose,” Vavra wrote.
Once the user enters the details, the app subscribes him or her to a premium SMS service that sends texts to a short-coded number — each text results in a charge for the user. These charges can total upwards of $40 per month depending on the country and mobile carrier.”