The campaign’s modus operandi involves scammers attempting to subscribe unsuspecting users to premium subscription services without notifying them. These fraudulent apps are downloaded by users in the following countries:
- Saudi Arabia
- United Arab Emirates
- United States of America
Number of downloads per country
The campaign has been dubbed UltimaSMS by Avast researchers, and its main targets are Android applications available on the Google Play Store. The name is derived from Ultima Keyboard 3D, the first app the researchers discovered being used in this fraud.
Reportedly, the campaign has been active since May 2021. It primarily involves applications covering various categories, from QR code scanners and virtual keyboards to photo and video editors, camera filters, online games, and spam call blockers.
How Does the Scheme Work?
Avast researcher Jakub Vávra explained that after a malicious app is downloaded on the device, it checks the user’s location and the phone’s IMEI number to determine the country code and the language in which to communicate with the user.
Then, it prompts the user to enter their email ID and phone number to access the app’s advertised features. But, in reality, it discreetly subscribes the victim to premium SMS services that charge up to $40/month depending on their mobile carrier and geographic location.
“The sole purpose of the fake apps is to deceive users into signing up for premium SMS subscriptions. While some of the apps include fine print describing this to users, not all of them do, meaning many people who submitted their phone numbers into the apps might not even realize the extra charges to their phone bill are connected to the apps,” Vávra noted in their blog post.
Dozens of Apps Removed from Play Store
According to Avast researchers, at least 151 Android apps from more than 80 countries were used to subscribe users to premium SMS services.
A significant number of these malicious applications have been removed from the Play Store. However, there are about 82 apps available for download on online marketplaces as of Oct 19, 2021.
Reportedly, this adware scam is also distributed through advertising channels on mainstream social media platforms like Facebook, TikTok, and Instagram, where users are lured towards downloading the apps with attention-grabbing video ads.
How to Protect Your Device?
Uninstalling the app is the first and most effective action to prevent any further compromise of the device. Apart from that, you must disable all premium SMS options with your carrier so that none of these apps can perform subscription abuse. Since reviews of the apps indicate that children have downloaded them too, it is imperative to secure children’s phones.