Fake Call History Apps Steal Payments After Millions of Play Store Downloads
The Hacker News reports a significant mobile fraud campaign involving 28 malicious apps on the official Google Play Store. These apps, collectively downloaded over 7.3 million times, masqueraded as tools to access call histories for any phone number. This functionality, predictably, was fake.
Instead of providing data, the apps tricked users into recurring subscriptions that delivered no legitimate service, directly leading to financial loss for victims. This is a classic bait-and-switch, leveraging user curiosity and a perceived utility to bypass Google’s vetting processes and monetize through fraudulent subscriptions.
This incident underscores a persistent challenge: even official app stores remain vulnerable to sophisticated social engineering and abuse. Defenders must recognize that app store presence does not equate to security. The attacker’s calculus here is simple: volume and plausible deniability. With millions of downloads, even a small conversion rate yields substantial illicit gains, and the apps’ initial appearance of legitimate utility helps them evade detection for extended periods.
What This Means For You
- If your organization's users download apps from public stores, this is a direct threat to their personal finances and, potentially, to corporate devices if those apps request excessive permissions. Educate your users immediately about the risks of third-party apps promising impossible functionality. Emphasize that official app stores are not foolproof. Review mobile device management (MDM) policies to restrict app installations to whitelisted sources where possible, or at least flag high-risk categories.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| Fake-Call-History-Apps | Misconfiguration | Google Play Store |
| Fake-Call-History-Apps | Information Disclosure | Fraudulent Android applications claiming to offer call history access |
| Fake-Call-History-Apps | Financial Fraud | Subscription scam providing fake data and incurring financial loss |