Google has removed 28 fraudulent CallPhantom apps from the Play Store after cybersecurity firm ESET uncovered more than 25 malicious applications that collectively garnered over 7.3 million installations. These apps falsely claimed to provide access to call logs, SMS records, and WhatsApp call history in exchange for payment, primarily targeting Android users in India.
Key Details of the CallPhantom Scam
The fraudulent apps, part of the CallPhantom scam, promised users the ability to retrieve deleted or hidden call logs, text messages, and WhatsApp call records. However, once users subscribed and paid, the apps failed to deliver the promised services. ESET's investigation revealed that over 53.7% of CallPhantom detections occurred in India, with the apps pre-selecting the +91 country code and supporting UPI payments to facilitate transactions.
Financial Impact on Users
The scam employed a subscription-based model with various pricing tiers. The lowest subscription cost was Rs 560, while the premium services went up to $80 (approximately Rs 7,675). This pricing structure was designed to exploit Indian users, who were the primary targets.
Prevention and Safety Measures
To protect against such threats, users are advised to avoid downloading APKs from third-party sources, stick to official app stores, read reviews before installing, keep devices updated, and install reputable antivirus software. Additionally, users should be cautious of apps that request excessive permissions or make unrealistic promises.
Reporting Fraud
Indian users who fall victim to such scams can report fraud by calling the toll-free number 1930 within one hour of the incident. This allows authorities to trace and freeze mule bank accounts, potentially recovering lost funds.
Statistics at a Glance
- 28: Number of malicious apps detected and removed by Google.
- 7.3 million: Total installations of CallPhantom apps across the Play Store.
- 53.7%: Percentage of detections concentrated in India.
- $80 (approx. Rs 7,675): Highest subscription price charged by the fraudulent apps.
This incident underscores the importance of vigilance when downloading apps, especially those that request sensitive permissions or payment for questionable services. Users are encouraged to rely on trusted sources and report any suspicious activity to the authorities.
