·
·
Tech & Science
A cybersecurity firm uncovered 28 fraudulent apps on Google Play that deceived over 7.3 million users with fake call record access.
More than 7.3 million downloads were racked up by 28 fraudulent applications on Google Play before they were removed, according to a new report from cybersecurity firm ESET. The apps, collectively dubbed “CallPhantom” by researchers, lured users with promises of accessing other people’s call logs, SMS messages, and WhatsApp call history.
ESET detailed the scam in a report published on WeLiveSecurity, as cited by Al Arabiya Business. Despite varying appearances, the deception followed a consistent pattern: users entered a phone number, paid a fee to unlock supposed call records, and ultimately received fabricated data.
Investigators found that some apps generated random phone numbers and linked them to pre-coded names and call details embedded in the software. Other applications asked users to provide an email address where a “retrieved call log” would supposedly be sent. In every case, ESET confirmed that the apps never requested advanced or real permissions that would allow them to access the promised data.
The irony was not lost on researchers: while no one deserves to be scammed, these apps relied on inherently suspicious promises from the start. Rather than offering mundane features like wallpapers or weather tools, they claimed to provide private communication records of other individuals.
Some of the apps used Google Play’s official payment system, potentially enabling victims to request refunds. Others, however, directed users toward external payment apps or prompted them to enter credit card details directly within the application. In one instance, when a user attempted to exit an app, a misleading alert resembling a new email notification appeared, claiming call log results had arrived, then redirected the user back to the subscription screen.
ESET notified Google about the 28 apps on December 16, and all were removed from Google Play by the time the report was published. While downloading apps from outside the official Android store is generally considered riskier, this case serves as a reminder that Google Play itself can grant fraudulent applications broad access if they manage to pass initial screening.
