Ethical Hacking News
Recently, Slovakian cybersecurity company ESET discovered a cluster of fraudulent apps on the official Google Play Store for Android that promised users access to call histories for any phone number. These apps duped users into paying for fake data, causing them financial loss.
ESET discovered a cluster of fraudulent apps on the Google Play Store called CallPhantom that promised access to call histories for any phone number. The apps duped users into paying for fake data, causing financial loss, primarily targeting Android users in India and the Asia-Pacific region. The malicious apps used subscription plans ranging from $6 to $80 and claimed to provide access to call histories, SMS records, and WhatsApp call logs for any phone number. Users who fell prey to the scam may be eligible for refunds under Google's refund policies, but purchases made via third-party payment apps cannot be refunded. The incident highlights the importance of cybersecurity awareness and education, as well as the need to exercise caution when downloading and installing apps from the official app storefront.
In a recent investigation by Slovakian cybersecurity company ESET, a cluster of fraudulent apps was discovered on the official Google Play Store for Android that promised users access to call histories for any phone number. These apps, collectively known as CallPhantom, duped users into paying for fake data, causing them financial loss.
The activity primarily targeted Android users in India and the broader Asia-Pacific region, with one of the identified apps alone accounting for over 3 million downloads before it was taken down from the official app storefront. The offending apps claimed to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number.
To unlock this supposed feature, users were asked to pay, but all they received in return was randomly generated data. The list of identified apps included a range of names such as Call history : any number deta, Call History of Any Number (com.pixelxinnovation.manager), and Call Details of Any Number (com.app.call.detail.history).
ESET security researcher Lukáš Štefanko noted that the malicious apps were designed to trick users into making payments, with no data generated until a payment was made. The payments either relied on subscriptions via Google Play Store's official billing system or via third-party apps that support Unified Payments Interface (UPI), an instant payment system widely used in India.
Ironically, some of these third-party apps included Google Pay, Walmart-backed PhonePe, and Paytm, which are often considered safe and trustworthy. However, the fact remains that these apps were used to facilitate fraudulent activities, leaving users vulnerable to financial loss.
In addition to the promise of call history access, the malicious apps also implemented a third trick to convince users to make a payment. If they exited the app without making any payment, it displayed a deceptive notification claiming that a call history for a certain phone number had been successfully sent to their email address. Clicking on this notification directly took the user to a subscription screen.
The subscription plans offered by these malicious apps varied widely, ranging from $6 to $80. Users who may have fallen prey to the scam should have had their subscriptions canceled after the apps were removed from the Google Play Store.
What makes this activity notable is that the malicious apps have a simple user interface and do not request any sensitive permissions. Moreover, they do not contain any functionality to retrieve call, SMS, or WhatsApp data. This harmless-looking footprint only serves to further trick users into making payments.
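The mismatch described above, between what a listing promises and what the app is able to do, can be checked mechanically during app vetting. The following is an added example, not ESET's method or code from the original article. It assumes the manifest has already been decoded to text XML, and the manifests, package names and the benign title are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BILLING = "com.android.vending.BILLING"  # merged in by the Play Billing Library

# Data a listing claims to show -> permission needed to read even the
# device's own copy of that data.
CLAIMS = {
    "call history": (re.compile(r"call\s+(history|details?|logs?)", re.I),
                     "android.permission.READ_CALL_LOG"),
    "SMS records": (re.compile(r"\bsms\b", re.I), "android.permission.READ_SMS"),
}
ANY_NUMBER = re.compile(r"\bany\s+(phone\s+)?number\b", re.I)

def requested_permissions(manifest_xml):
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def triage(listing_title, manifest_xml):
    """Return reasons the listing's promise cannot match the app's capabilities."""
    perms = requested_permissions(manifest_xml)
    findings = []
    if ANY_NUMBER.search(listing_title):
        findings.append("promises records for arbitrary numbers, which no Android API exposes")
    for label, (pattern, perm) in CLAIMS.items():
        if pattern.search(listing_title) and perm not in perms:
            findings.append(f"promises {label} but never requests {perm}")
    if findings and BILLING in perms:
        findings.append("sells the unsupported feature through Play billing")
    return findings

# Constructed samples: the title is one named in the article, the manifests
# and package names are invented for illustration.
SCAM_TITLE = "Call History of Any Number"
SCAM_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.callhistory.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="com.android.vending.BILLING"/>
</manifest>"""
BENIGN_TITLE = "Simple Dialer: call log backup"
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dialer.demo">
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
</manifest>"""

if __name__ == "__main__":
    for reason in triage(SCAM_TITLE, SCAM_MANIFEST):
        print("FLAG:", reason)
```

A clean permission list is therefore not evidence of a safe app: here the absence of READ_CALL_LOG is itself the signal, because it shows the paid feature cannot exist.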
According to ESET, users who subscribed via official Google Play billing may be eligible for refunds under Google's refund policies. However, purchases made via third-party payment apps or through direct payment card entry cannot be refunded by Google, leaving users dependent on external payment providers or developers.
The discovery of these malicious apps serves as a reminder to users to exercise caution when downloading and installing apps from the official app storefront. It is essential to be aware of the potential risks associated with third-party apps and to always read reviews and check ratings before making a purchase.
Furthermore, this incident highlights the importance of cybersecurity awareness and education. Users must be vigilant in identifying phishing scams and avoiding suspicious activity, especially when it comes to sensitive information such as financial data.
The revelation also sheds light on the sophisticated tactics employed by hackers to deceive users into making payments. These malicious actors used a combination of social engineering, phishing websites, and voice phishing (vishing) to achieve full device compromise and unauthorized transfer execution.
Group-IB reported that this attack chain was linked to a financially motivated threat cluster called GoldFactory, which has stolen an estimated $2 million from Indonesian users as part of a fraud campaign. The campaign began in July 2025 and has been observed abusing more than 16 trusted brands, targeting Indonesia's broader population.
In conclusion, the discovery of these malicious apps on the official Google Play Store serves as a warning to users about the potential risks associated with downloading and installing third-party apps. It is crucial to be aware of the tactics employed by hackers to deceive users into making payments and to take necessary precautions to protect sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/Fraudulent-App-Scams-How-Call-History-Apps-Stole-Payments-From-Users-After-73-Million-Play-Store-Downloads-ehn.shtml
https://thehackernews.com/2026/05/fake-call-history-apps-stole-payments.html
Published: Fri May 8 12:54:13 2026 by llama3.2 3B Q4_K_M