Critical Mobile Security Alert from Eset

05/12/2026 Technology
Critical Mobile Security Alert from Eset - Digital Media Engineering
Critical Mobile Security Alert from Eset - Digital Media Engineering

CallPhantom Android Scam Hits Over 7 Million Downloads, Pretending to Access Call, SMS, and WhatsApp History

Thousands of Android usersunknowingly downloaded fake apps that claim to reveal the call history, SMS records, and even WhatsApp call logs. These deceptive apps, exposed by ESETboast alleged capabilities but deliver nothingreal—only risk and financial loss. The scale is staggering: investigators identified 28 fraudulent applicationsthat racked up 7.3 million downloads, all removed from Google Play after a report to Google via the ESET App Defense Alliance. Here’s what you need to know to protect yourself and prevent becoming a victim.

What CallPhantom Claims Sound Like (And Why They’re False)

CallPhantom apps promise access to a target’s call history, SMS records, and WhatsApp call history. In reality, these apps do not retrieve or display real data. Instead, they rely on randomly generated datamatched with hard-coded names, times, and durations embedded in the app. This is a classic example of a social instrument disguised as a legitimate utility—designed to trick users into paying for a service that doesn’t exist.

Who Is Targeted and How the Scam Is Structured

The campaigns predominantly target Android users in Indiaand the broader Asia-Pacificregion A key detail is that many apps pre-select India’s +91 country code, and they mostly support UPIas a payment method, leveraging a familiar local ecosystem to appear legitimate. The attackers rely on subscription-based modelsand occasionally push payments through third-party processors, sometimes embedding payment forms directly into the app. This combination makes refunds and chargebacks harder to resolve through Google Play.

Evidence and What ESET Found

In a thorough investigation, ESETuncovered three distinct payment methods among the CallPhantom variants. Two of these violate Google Play’s policies by abusing official billing channels for recurring charges. The other methods circumvent Google’s billing entirely, surfacing card details or using third-party services. the consistency of features across 28 apps—despite different price points—shows a coordinated effort to monetize false claims while evading basic safeguards on Google Play.

Cost Structure: What Victims Are Paying For Nothing

Prices range widely, with some apps offering weekly, monthly, or yearly subscriptions. The highest listed price reaches $80, while the average entry-level tier sits around €5. This spread indicates a deliberate strategy to lure a broad audience with low initial costs and progressively higher charges for “enhanced” history access. It’s essential to understand that these paid tiers do not unlock any real data or functionality.

How Google Responded and What Happens If You Were Affected

Upon receiving findings from the ESET researchers, Google removed all identified CallPhantom applications from Google Play. When an app is removed, any active subscriptions tied to Google Play are typically canceled, and refunds may be issued for eligible purchases. If the user paid via non-Google channels, refunds depend on the specific merchant and payment provider. This highlights the importance of using Google Play’s native billing for any app purchases to streamline refunds and protections.

Red Flags That Signal a CallPhantom-Style Scam

  • Claims of data accessthat would require intrusive permissions but do not deliver real data.
  • Randomized datawith fixed names and times embedded in the code to simulate history.
  • Unusual payment modelsincluding direct card forms embedded in the app or third-party processors.
  • Pre-selected country codesand reliance on local payment systems (eg, UPI) to appear legitimate.
  • Promises of WhatsApp history accessor other messaging data that cannot be verified by the app itself.

Protective Steps You Can Take Right Now

  • Verify app legitimacyby checking developer details, reviews, and download counts. Be wary of apps that claim access to sensitive personal data.
  • Avoid granting unnecessary permissionslike access to call logs, SMS, or WhatsApp data to apps that don’t clearly require them for a stated function.
  • Use Google Play billingwhenever possible to ensure easier refunds and protection against unauthorized charges.
  • Cross-check payment methodsand monitor bank/card statements for unfamiliar subscriptions or charges tied to apps you don’t recall installing.
  • Enable Play Protectand keep your device’s security updates current to catch malicious apps before they spread.

What to Do If You’ve Downloaded a CallPhantom-Like App

  • Uninstall the suspicious app immediately. This prevents further data exposure and stop any ongoing attempts to collect payments.
  • Review subscription statuses in Google Play and other payment providers. Cancel any unknown recurring charges.
  • Report the app to Google Play via the Play Store page or the Google Safety Center to aid future takedowns.
  • Consider changing passwords and enabling two-factor authentication on accounts that could be affected, particularly if you entered credentials into the app.

Why This Scam Persists and How It Evolves

Criminals continually refine their approach to exploit local payment norms and trust in official app stores. By presenting a superficially plausible feature—“access to call logs” or “WhatsApp history”—they prey on users’ fear of losing information. The use of UPI-based paymentsand country-code pre-selection makes some victims feel the service targets in their region, increasing the likelihood of paying for something that never materializes. Ongoing collaboration between researchers like ESETand platform operators are crucial to identifying and removing these threats quickly.

Key Takeaways to Outsmart Similar Tactics

  • Always interrogate the necessity of a permission request. If an app asks for data it purports to enhance but cannot reasonably need, treat it with suspicion.
  • Prefer apps with clear, verifiable functionality and transparent developer information. Cross-verify with independent reviews and third-party security analyses.
  • Leverage official stores’ protections and refund policies. If in doubt, delaying a purchase until you’ve confirmed legitimacy can save money and data integrity.
  • Keep device security basics strong: updated OS, enabled Play Protect, and a reputable mobile security app to spot suspicious behavior early.

Be the first to comment

Leave a Reply