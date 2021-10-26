A rogue network of apps for the Android OS may have done more than , 5 million victims, mainly in the Middle East, from the registration of victims in expensive services via SMS. The scheme, called UltimaSMS, had a total of 151 applications available on the Google Play Store, including camera software, keyboards, QR code readers, video editors, offers, games and spam call blockers. History of cyber security: the origin of computer virus

Fake profile network has more than 1000 accounts for Pix and card scams

Configuration failure affects Wi-Fi from Brazilian and world universities According to Avast, responsible for discovering the scheme and reporting to Google, users from 220 countries downloaded the fraudulent software. Countries like Egypt, Saudi Arabia and Pakistan were the hardest hit, with more than two million downloads each, followed by the United Arab Emirates, with one million. From this total comes the number of victims, an estimate related to those who performed the installation and, in the promise of resources that did not always exist, could end up being registered against their will in fraudulent service platforms via SMS. The information appeared in the user’s local language, as a way of giving more legitimacy to the offer. When opening the app, victims were presented with a screen where they had to enter their phone and, sometimes, their email as well; the data was used for registration on paid platforms, without the fraudulent software relying on user authorizations to do so. In some cases, the values ​​reached US$ 10 (about R$ 151 at the current price) per week, which went directly into the pockets of criminals. Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News. Every day a summary of the main news in the tech world for you! Apps from the UltimaSMS network promised features, but only delivered a registration request that used the user’s cell phone to register for paid services via SMS (Image: Reproduction/Avast)

In some cases, experts say, there were not even features in the downloaded applications, which only presented successive offers of registration in paid services or simply crashed after entering the data. Meanwhile, the fraud was only noticed when the victim received the bill or, then, saw the debit related to the services in their prepaid credits. The weekly charge is an integral part of the fraud, in order to maximize profits before the victim realized the problem.

According to Avast, the research on the scheme started with a single app, it evolved to more than 151 and finally reached a total of 80. In the most popular cases, the software had well-constructed Play Store profiles, with reviews made for fake profiles and quality images, as well as developer accounts with different solutions — all fraudulent, of course. Gradually, and with the popularity, the pages began to be invaded by negative reviews, with defrauded users warning others not to perform the downloads. Ads on social networks such as Instagram, Facebook and TikTok were also used to spread the scam.

Upon discovering the network, the security researchers reported the findings to Google, which carried out the removal of the apps. fraudulent. However, the idea is that a great deal of damage has already been done, with over millions of downloads representing potential victims who may now find it difficult to cancel services. For these, and everyone, the recommendation is to disable the registration for services paid by SMS, so that subscriptions are canceled and new ones cannot be made.

In addition, other recommendations involve attention to developer pages and to downloaded apps themselves, looking for reviews or media posts that indicate fraud. Telephone numbers, emails and other personal data should only be provided if the user trusts the solution, while security software must always be updated, as well as the operating system itself.

Source : Avast