Avast researchers have reportedly uncovered a new adware scam in which Android apps sign their users up for premium SMS services that can cost up to $40/month. The charges vary, however, and largely depend on the user's mobile network operator and location.

The researchers have named the campaign “UltimaSMS Adware”; it operates through Android applications available on the Google Play Store. So far, this fraudulent SMS campaign has involved over 151 Android applications with 10.5 million downloads.

People in the following countries have downloaded these fake apps:

  • Saudi Arabia
  • Egypt
  • Oman
  • United Arab Emirates
  • United States of America
  • Qatar
  • Kuwait
  • Pakistan
  • Turkey

[Image: app downloads per country. Image source: HackRead]

This is not the first time Android users have been a prime target of malware attacks. Recently, security researchers discovered malware spreading on Android via fake Squid Game applications. Before that, the Joker malware targeted users through Google Play Store apps.

According to Avast researcher Jakub Vávra, after a user downloads one of the fraudulent apps, it checks the user’s location and the mobile device’s IMEI (International Mobile Equipment Identity) number to determine the country code and the language in which to communicate with the user.

The app then prompts users to enter their phone numbers and email addresses to access the app’s advertised features. Behind the scenes, however, the application subscribes the user to paid SMS services costing about $40/month.

In his blog post, Jakub Vávra had this to say:

The sole purpose of the fake apps is to deceive users into signing up for premium SMS subscriptions. While some of the apps include fine print describing this to users, not all of them do, meaning many people who submitted their phone numbers into the apps might not even realize the extra charges to their phone bill are connected to the apps

Although a notable number of the fraudulent apps have been removed from the Google Play Store, about 82 of them were still available for download as of October 19, 2021.

[Image: fraudulent apps available for download. Image source: GitHub]

The premium SMS scam campaign is believed to have started in May 2021, and the apps involved span many categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games.

The UltimaSMS adware scam is also notable because it is spread via advertising channels on major social media platforms such as Instagram, Facebook, and TikTok, luring unsuspecting users with deceptive video ads.

There are still a few steps that you can take to protect yourself from the UltimaSMS adware scam.

For example, you can start by uninstalling the app and then disabling premium SMS options so that such apps cannot subscribe you to a premium service automatically.

Here are a few other tips and tricks for Android users to stay safe from malicious apps:

  1. Make sure to download apps from trusted platforms only. Even on Google Play Store, look for developer details and user reviews.
  2. Look for verified marks to tell the difference between fake and authentic apps.
  3. Keep the option ‘install from unknown sources’ disabled on your Android phone.
  4. Use an Android VPN (virtual private network) with built-in malware trackers to scan your phone for malicious content.
  5. Be careful when allowing app permissions.
  6. Use antivirus apps developed for Android, such as Norton Mobile Security and McAfee Mobile Security. Some VPNs also offer antivirus features that you can use as an additional layer of security.